User Manual

Yealink Skype for Business HD IP Phones Administrator Guide
2. Click Browse to select the certificate (*.pem and *.cer) from your local system.
3. Click Upload to upload the certificate.
A dialog box pops up to prompt “Success: The Server Certificate has been loaded! Rebooting, please wait…”.
Encrypting Configuration Files
Encrypted configuration files can be downloaded from the provisioning server to protect sensitive information (e.g., login passwords, registration information) against unauthorized access and tampering. Yealink supplies a configuration encryption tool for encrypting configuration files.
The encryption tool encrypts plaintext <y0000000000xx>.cfg and <MAC>.cfg files (one by one or in batch) using 16-character symmetric keys (the same key or a different key for each configuration file) and generates encrypted configuration files with the same file names as before. The tool also encrypts the plaintext 16-character symmetric keys using a fixed key, which is the same as the one built into the Skype for Business phone, and generates new files named <xx_Security>.enc (xx indicates the name of the configuration file, for example, y000000000028_Security.enc for y000000000028.cfg). The tool generates another new file named Aeskey.txt to store the plaintext 16-character symmetric keys for each configuration file.
On the Microsoft Windows platform, you can use the Yealink-supplied encryption tool "Config_Encrypt_Tool.exe" to encrypt the <y0000000000xx>.cfg and <MAC>.cfg files respectively.
Note
For security reasons, the administrator should upload the encrypted configuration files and the <y0000000000xx_Security>.enc and/or <MAC_Security>.enc files to the root directory of the provisioning server.
During auto provisioning, the Skype for Business phone first requests the <y0000000000xx>.cfg file. If the downloaded configuration file is encrypted, the phone requests the <y0000000000xx_Security>.enc file (if enabled) and decrypts it into the plaintext key (e.g., key2) using the built-in key (e.g., key1). The phone then decrypts the <y0000000000xx>.cfg file using key2. After decryption, the phone parses the configuration files and applies the configuration settings to the Skype for Business phone system.
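As an added example (not Yealink's code and not part of the original guide), the following Python script audits a provisioning-server root directory against the file layout described above: every .cfg file should be encrypted and should have a matching <name>_Security.enc file beside it. It assumes that encrypted files are binary rather than printable text and that Aeskey.txt, which holds the plaintext keys, should be kept off the server; the file contents and MAC-style file names in the sample tree are constructed.

```python
import os
import string
import tempfile

PRINTABLE = frozenset(string.printable.encode("ascii"))

def looks_plaintext(data, threshold=0.95):
    # Heuristic, assumed: encrypted output is binary, a plaintext .cfg is printable ASCII.
    if not data:
        return True  # an empty file carries no ciphertext
    return sum(b in PRINTABLE for b in data) / len(data) >= threshold

def audit_provisioning_root(root):
    """Return (filename, finding) pairs for files that break the layout above."""
    names = sorted(os.listdir(root))
    present = {n.lower() for n in names}
    findings = []
    for name in names:
        path = os.path.join(root, name)
        stem, ext = os.path.splitext(name)
        if not os.path.isfile(path):
            continue
        if name.lower() == "aeskey.txt":
            # Assumed policy: the plaintext key list stays off the server.
            findings.append((name, "plaintext key file"))
        elif ext.lower() == ".cfg":
            with open(path, "rb") as fh:
                sample = fh.read(4096)
            if looks_plaintext(sample):
                findings.append((name, "plaintext configuration"))
            elif (stem + "_security.enc").lower() not in present:
                findings.append((name, "no matching _Security.enc"))
    return findings

def demo():
    # Constructed sample tree; file names follow the manual, contents are made up.
    ciphertext = bytes(range(256))  # stand-in for encrypted bytes
    files = {
        "y000000000028.cfg": ciphertext,
        "y000000000028_Security.enc": ciphertext[:16],
        "001565aabbcc.cfg": b"example.setting = value\n",
        "001565ddeeff.cfg": ciphertext,
        "Aeskey.txt": b"y000000000028.cfg 0123456789abcdef\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return audit_provisioning_root(root)

if __name__ == "__main__":
    for name, finding in demo():
        print(f"{name}: {finding}")
```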
Yealink also supplies a configuration encryption tool (yealinkencrypt) for the Linux platform if required. For more information, refer to Yealink Configuration Encryption Tool User Guide.