Resolution: Won't Do
Affects Version/s: 14
Fix Version/s: None
Component/s: Certificate Manager
I tried and tried to get Yealink phones to connect using HTTPS Provisioning, HTTPS Phone Apps, and TLS to a new FreePBX 14 system and couldn't get it to work. The same phones will connect to a FreePBX 13 system without hesitation.
I found this FreePBX community forum thread about the problem: https://community.freepbx.org/t/yealink-t4xg-phones-will-not-autoprovision-over-https-with-freepbx-14/44617
Similar threads exist on Yealink's forums: http://forum.yealink.com/forum/showthread.php?tid=41843
I didn't have time to deep dive into why it was happening and bought a Comodo certificate to get the customer up and running and buy me some time. Now I am circling back to this and I think I might have found the cause of the problem. Both systems have this in the tls transport section of pjsip:
That ca-bundle.crt file is very different between FreePBX 13 and 14. In FreePBX 13, it is:
-rw-r--r--. 1 root root 877042 Apr 23 2015 ca-bundle.crt
In FreePBX 14 it is a symbolic link to this:
-r--r--r--. 1 root root 211658 Aug 2 2012 tls-ca-bundle.pem
The file is much smaller and older on FreePBX 14 than on 13 (211K from 2012 in FreePBX 14 vs 877K from 2015 in FreePBX 13).
Google tells me that these CA Bundle files are used to provide information necessary to improve compatibility and trust of certain certificates, but how that all works is above my pay grade, so I am just looking at what are the differences in the files referenced on FreePBX 13 vs FreePBX 14 systems and this is what I found. I'm hoping that this is a meaningful difference worth pointing out and that someone at Sangoma who is smarter than me can confirm that this is, in fact, the problem, and if so, push out an update of that file.
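One way to compare the two bundle files by the certificates they contain rather than by size and date, as an added example that is not part of the original ticket or FreePBX code. The function names are hypothetical, and the sample bundles are constructed from placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def bundle_fingerprints(text):
    """Map SHA-256 of each certificate's DER bytes to its position in the bundle.

    Text outside the BEGIN/END markers (comments, human-readable dumps) is
    ignored, so two bundles that differ only in such text compare as equal.
    """
    fps = {}
    for pos, m in enumerate(PEM_RE.finditer(text), 1):
        der = base64.b64decode("".join(m.group(1).split()))
        fps.setdefault(hashlib.sha256(der).hexdigest(), pos)
    return fps

def compare_bundles(old_text, new_text):
    """Report certificate counts and the entries present in only one bundle."""
    old, new = bundle_fingerprints(old_text), bundle_fingerprints(new_text)
    return {
        "old_count": len(old),
        "new_count": len(new),
        "only_in_old": sorted((old[f], f) for f in set(old) - set(new)),
        "only_in_new": sorted((new[f], f) for f in set(new) - set(old)),
    }

def _pem(der):
    """Wrap raw bytes in PEM armour (used only to build the sample below)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample input: placeholder bytes standing in for three CA certs.
CA_A, CA_B, CA_C = (bytes([i]) * 100 for i in (1, 2, 3))
SAMPLE_OLD = "Certificate:\n    Data: (text dump)\n" + _pem(CA_A) + _pem(CA_B)
SAMPLE_NEW = "# CA A\n" + _pem(CA_A) + "# CA C\n" + _pem(CA_C)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <bundle from 13> <bundle from 14>
        texts = [open(p, errors="replace").read() for p in sys.argv[1:3]]
    else:
        texts = [SAMPLE_OLD, SAMPLE_NEW]
    for key, value in compare_bundles(*texts).items():
        print(key, value)
```

Each reported position is the certificate's ordinal within its file, which makes it possible to pull that entry out and inspect its subject with a tool such as `openssl x509 -noout -subject`.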