Yealink phones have an extra layer of security on them by default, only allowing TLS Encryption to be activated by suppliers the phone has been told it can trust. It's a military grade and restrictive measure really (hence you don't see it on by default on other hardware phones) and not required to activate TLS Encryption with Yay. The exact setting is called "Only accept Trusted Certificates" and can be found under Security > Trusted Certificates when logged into the web interface of a Yealink phone. This needs to be set to "Disabled" for TLS to be enabled. A screenshot of the exact setting can be found below:
By changing this setting your phone will of course still use TLS for your SIP traffic and encrypt it; the setting just defines whether we have to tell it about our certificate first or whether it can just trust we are good guys. Hopefully by now you know we are, so giving you a certificate won't help prove that!
Once you've removed this restriction on TLS, you can now head into the relevant SIP account on your Yealink phone and change the transport to TLS seamlessly. Remember you don't need to turn on Call Encryption at Yay to use TLS; this is only for Secure RTP traffic. A lot of our customers use SIP TLS encryption to simply stop their routers needlessly interfering with their VoIP traffic. Please find below a screenshot of the actual SIP TLS Transport setting.