Page tree


Web User Interface


Phone User Interface


XML Configuration

<phone_cert_type perm="PERMISSIONFLAGS">VALIDVALUE</phone_cert_type>


This setting defines which certificate type the phone uses as the server certificate for the integrated web server and as the client certificate for web requests.

The default value 'sha1' in versions < ensures that the phone behaves the same as before, it always uses a sha1 certificate - since version the default value is 'best' (see follow up section for details). The 7xx/D7xx/8xx/D3x5 phones contain an individual sha1 certificate with the MAC address of the phone as the common name. This individual certificate is used if available, the fallback is a generic sha1 certificate, which is the same for all snom phones.

The value 'sha256' makes sure that the phone always uses a sha256 certificate. 7xx / D7xx and D3x5 phones from current productions already contain an additional individual sha256 certificate. For phones shipped without it, the individual sha256 certificate can be retrofitted by a special firmware update. If the individual sha256 certificate is not available, a generic sha256 certificate is used, which is the same for all snom phones.

The value 'best' uses the best available certificate. The search order is as follows:

Individual sha256 certificate, Individual sha1 certificate, Generic sha256 certificate (Generic sha1 certificate)

As the generic sha256 certificate should be always available, 'best' should never fall back to the generic sha1 certificate.

If a custom certificate was provisioned via setting webserver_cert or uploaded via web interface, the phone will use that certificate regardless of the value of phone_cert_type!

The D120 does not provide a SHA1 certificate and therefore does not provide this setting.

Valid Values

'sha1', 'sha256', 'best'

Default Value

best (starting from firmware version