| Configuring the Security Features | 201• thawte Primary Root CA• -VeriSign Universal Root Certification Authority• Equifax Secure Certificate Authority• DigiCert High Assurance EV Root CA• Equifax Secure Global eBusiness CA-1• Yealink Equipment Issuing CA• GeoTrust Primary Certification Authority - G2• VeriSign Class 1 Public Primary Certification Authority - G3• VeriSign Class 3 Public Primary Certification Authority - G3• VeriSign Class 3 Public Primary Certification Authority - G4• Deutsche Telekom Root CA 2• Class 1 Public Primary Certification Authority• Symantec Class 3 Secure Server CA - G4• Symantec Class 3 Secure Server CA – G• quickconnect.starleaf.com• yealinkvc.com• StarLeaf CA• Class 1 Public Primary Certification Authority - G2• Class 2 Public Primary Certification Authority - G2• Class 3 Public Primary Certification Authority - G2• Class 4 Public Primary Certification Authority - G2Note:The most common used CA Certificates are built in Yealink phones. Due to memory constraints, wecannot ensure a complete set of certificates. If there is no the desired certificate in the above list, contactyour distributor for the desired one. After that, you can upload the certificate into your phone. For moreinformation on uploading custom CA certificate, refer to Transport Layer Security (TLS).Managing the Server CertificatesThe system can serve as a TLS server. When clients request a TLS connection with the system, the system sends theserver certificate (device certificate) to the clients for authentication.About this taskThe server certificate contains the default and the custom certificates. You can customize the certificate type sent bythe system to the client for authentication.• Default Certificates: a unique server certificate and a generic server certificate.Only if no unique certificate exists, the system may send a generic certificate for authentication.• Custom Certificates: You can only upload one server certificate to the system. The old server certificate will beoverridden by the new one. The format of the server certificate files must be *.pem or .cer, and the size should beless than 5M.Procedure1. On your web user interface, go to Security > Server Certs.2. Configure and save the following settings: