@
NickD_3CX
Unfortunately, I don't really understand your response…
FQDN:
As I wrote, the 3cx is hosted by a
provider in the cloud (so I'm not able to change it).
Name of FQDN:
user<number>.<providername>.cloud
Note to FWDN in 3cx console:
"The FQDN is used by 3cx for calls, provisioning URLS and client. It cant be changed afterwards."
So.. what can I do in this (my) case...?
Yealink interface:
Before I had changed the setting to the certificate and then was able the first time to provision the phone from 3cx, I
don't had the security warnings in the browsers.
If the reason is (as you wrote) that the cert on the phone is a self signed one, I should had the security warnings also before - or do I understand something wrong..?
Thanks for a further feedback.
Hi FredyWenger,
You have the common problem which I'm calling
"I don't want to follow the rules, but you must fix my problems".
If you (or your provider) are not using the 3cx and yealink supported root certificates, how you can provision the phones remotely? They will never silently trust your (or provider) generated self-signed certificates.
Can you simply check the PBX certificate? Just connect to the 3cx PBX management console, click on the lock sigh and check is it the Let's Encrypt certificate or not....
If your provider installed 3cx using not trusted certificates whose fault it is - 3cx, yealink or your provider?
I think provider and I think you can fix your problems faster by connecting to your provider and asking him to re-install your PBX using 3cx generated certificates.
So, I think I answered to your "
So.. what can I do in this (my) case...?" question.
About the "
Yealink interface:".
When the yealink phone is not provisioned and have nothing to protect (username, password, server address, web access password and etc..) it's using the HTTP protocol, so you can't have any security warnings.
After the provisioning, when the phone need to protect the mentioned information, it's using the HTTPS protocol and because that the yealink is using it's own self-signed certificate, the browsers are showing it "Not Secure". There is no issue here.
About the "
So.. I have installed the latest FW (66.84.0.10) yesterday on the device and don't want to downgrade".
If you don't want to use the yealink FW version supported by 3cx, how can you ask for the support?
If this FW version is not tested with 3cx and by 3cx, how can you trust it?
If you are not planning to downgrade, why 3cx or yealink need to help you?
Personally I installed around 150 Yealink phones (including T4xS models) for our customers and around 70-80 of them are provisioned behind SBC and using the 3cx supported 66.83.0.20 version.
I had no any single issue during the provisioning them - BTW, Thanks to 3cx and yealink guys!!!
I think, you need to contact to your provider and ask him to provide you with the supported solutions