Https With Client Certificate Authentication - Cisco SPA901-UK - Small Business Pro Provisioning Manual

Voice system, voice gateways, and ip telephones

Cisco Small Business IP Telephony Devices Provisioning Guide
Provisioning Tutorial
Secure Resync

STEP 9 Inspect the server certificate supplied by the server.
The browser probably does not recognize it as valid unless the browser has been
preconfigured to accept Cisco as a root CA. However, the IP Telephony Devices
expect the certificate to be signed this way.

STEP 10 Modify the Profile_Rule of the test device to contain a reference to the
HTTPS server in place of the HTTP server, for example:
https://my.server.com/basic.txt
This example assumes the name of the HTTPS server is my.server.com.

STEP 11 Click Submit All Changes.

STEP 12 Observe the syslog trace sent by the IP Telephony Device.
The syslog message should indicate that the resync obtained the profile from the
HTTPS server.

STEP 13 (Optional) Use an Ethernet protocol analyzer on the IP Telephony Device
subnet to verify that the packets are encrypted.

In this exercise, client certificate verification is not yet enabled; use a browser to
request the profile stored in basic.txt.
The connection between IP Telephony Device and server is encrypted. However,
the transfer is not secure because any client can connect to the server and request
the file, given knowledge of the file name and directory location. For secure
resync, the server must also authenticate the client, as demonstrated in the next
exercise.

HTTPS With Client Certificate Authentication

In the factory default configuration, the server does not request an SSL client
certificate from a client. After you edit the configuration to enable client
authentication, the server requires a client certificate to authenticate the IP
Telephony Device before accepting a connection request.

Because of this, the resync operation in this exercise cannot be independently
tested using a browser that lacks the proper credentials. Nevertheless, the SSL key
exchange within the HTTPS connection between the test IP Telephony Device and
the server can be observed using the ssldump utility. The utility trace shows the
interaction between client and server.
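
A server-side configuration sketch of the change described above, added here as an example and not taken from the Cisco guide. It assumes the HTTPS provisioning server is Apache httpd with mod_ssl (this page does not name the server software); every file path and the log file name are placeholders.

```apache
# Constructed example. Assumption: Apache httpd with mod_ssl.
# All paths below are placeholders, not values from the guide.
<VirtualHost *:443>
    ServerName my.server.com
    SSLEngine on

    # Server identity presented to the IP Telephony Device.
    SSLCertificateFile    /path/to/server.cert
    SSLCertificateKeyFile /path/to/server.key

    # Before (previous exercise): no client certificate is requested.
    # The channel is encrypted, but any client that knows the file name
    # and directory location can fetch basic.txt.
    # SSLVerifyClient none

    # After: the TLS handshake fails unless the client presents a
    # certificate that chains to the CA in SSLCACertificateFile.
    SSLVerifyClient require

    # Assumption: device certificates are issued directly by that CA.
    # Raise the depth if an intermediate CA sits in the chain.
    SSLVerifyDepth 1

    # CA that signs the device (client) certificates.
    SSLCACertificateFile /path/to/device-client-root-ca.cert

    # Record which certificate subject requested which profile, so that
    # each resync can be attributed to a specific device certificate.
    CustomLog /path/to/provisioning_access.log "%h %{SSL_CLIENT_S_DN}x \"%r\" %>s"
</VirtualHost>
```

With `SSLVerifyClient require` in place, a browser that holds no device certificate is refused during the handshake, which is why the resync in this exercise cannot be checked from a browser.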