Configuring Trusted SSL Certificates for Zoom Phone

Owned by Daniel Burkholder
Last updated: 2023 Aug 14
2 min read

Introduction

Purpose: Teach the User how to create, upload, and provision SSL certificates so that Mitel phones can successfully register against Zoom Phone over TLS 1.2. This is a requirement for Zoom Phone Service.

Supported Devices: This solution is applicable to all Mitel devices supported in Phonism.

Creating a Mitel-Compatible Certificate for Zoom Phone

  1. Download SSL Certificates: Download the following SSL Certificates from Zoom Phone's Knowledge Base:

    1. DigiCert Global Root CA

    2. DigiCert Global Root G2

    3. DigiCert TLS RSA4096 Root G5

  2. Combine Certificates: Open a text editor and combine the content of each of the three .pem files you downloaded into a single file. Save this file with a memorable name like zoom_phone_trusted_certs.pem.

    1. Your combined file will look something like this

    2. -----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN ... -----END CERTIFICATE-----

  3. Upload Certificate File in Phonism: In Phonism, navigate to the Resources > Assets tab and Add Certificate File to upload your newly created .pem file.

  4. Configure Devices for Retrieval: Once uploaded, you can configure your devices to retrieve this file from Phonism when provisioning.

    1. Configure Mitel Phone or Template:

      1. Set the following setting in either the Phone or Template Custom Configuration: sips trusted certificates: {{zoom_trusted_cert_pem}}.

      2. Replace {{zoom_trusted_cert_pem}} with the {{tag}} corresponding to your newly uploaded certificate.

      3. This Tag can be found when editing a configuration value in Phonism and selecting the Variables submenu.

      4. This Tag has a pattern of {{AUX.filename.pem}}. Thus, if you named your file zoom_phone_trusted_certs.pem, your tag would look like {{AUX.zoom_phone_trusted_certs.pem}}.

      5. Hit save on the Phone or Template to commit your changes.

      6. When configuration is generated for your Mitel Phone, we will configure the device to request and install your uploaded certificate file on next provision.

Troubleshooting and Common Errors

Troubleshooting Tip: If you're experiencing trouble registering with Zoom Phone on your Mitel Phone, ensure that your NTP time servers are configured correctly.

Files

  • Merged certificate file as of 2023-08-10. Combination of DigiCert Global Root CA, DigiCert Global Root G2, and DigiCert TLS RSA4096 Root G5