Applicability
- Model: S-Series Cloud PBX, P-Series Cloud PBX
- Firmware version: Any
- IP Phone: Yealink and other brand phone use expired ISRG Root X1 CA cert(Especially version before V86)
Symptom
- Auto Provisioning failure since October 2021 for Yealink IP phone.
- Previously remote phonebook is working, but it starts to have phonebook update failure since October 2021 for Yealink IP phone.
- TLS registration failure since since October 2021 for Yealink IP phone.
Cause
In this article, we take Yealink IP phone as example.
The Yeastar Hosted Cloud PBX uses Let's Encrypt ISRG Root X1 domain valid certificate. However, the ISRG Root X1 CA certificates loaded on old version Yealink phone have been expired since Oct 6, 2021.
This will make PBX reject the TLS handshake when doing HTTPS based provisioning processs.
Solution
Upgarde the Yealink phone to the latest version (which supported to upgrade to version V86). Because the latest version will include the updated ISRG Root X1 CA certificate.
You can find the new it in the scroll down list. The expiration date has been updated to the year of 2035.
The known affected models:
- T5X, T41S, T42S, T31(T30,T30P,T31G,T31P,T33P,T33G),
- W70B
Older Yealink models
They do not have upgrade to gain the new certificate. The alternative is to manually disable the option "Only Accept Trusted Certificates" on the phone. The known affected models:
- T23P, T23G, T40G, T41P, T42G, T46G, T48G, T52S
- W60B
0 Comments