Exercise: Basic Https Resync - Cisco 6800 Series Provisioning Manual

Multiplatform phones

Hide thumbs Also See for 6800 Series:

Administration manual (358 pages)

User manual (222 pages)

Hardware installation (20 pages)

Table Of Contents

100

101

102

103

104

page of 104

/ 104
Contents
Table of Contents
Bookmarks

Table of Contents

Basic HTTPS Resync

Exercise: Basic HTTPS Resync

Procedure

Step 1

Install an HTTPS server on a host whose IP address is known to the network DNS server through normal

hostname translation.

The open source Apache server can be configured to operate as an HTTPS server when installed with the

open source mod_ssl package.

Step 2

Generate a server Certificate Signing Request for the server. For this step, you might need to install the open

source OpenSSL package or equivalent software. If using OpenSSL, the command to generate the basic CSR

file is as follows:

openssl req –new –out provserver.csr

This command generates a public/private key pair, which is saved in the privkey.pem file.

Step 3

Submit the CSR file (provserver.csr) to Cisco for signing.

A signed server certificate is returned (provserver.cert) along with a Sipura CA Client Root Certificate,

spacroot.cert.

See

https://supportforums.cisco.com/docs/DOC-9852

Step 4

Store the signed server certificate, the private key pair file, and the client root certificate in the appropriate

locations on the server.

In the case of an Apache installation on Linux, these locations are typically as follows:

# Server Certificate:

SSLCertificateFile /etc/httpd/conf/provserver.cert

# Server Private Key:

SSLCertificateKeyFile /etc/httpd/conf/pivkey.pem

# Certificate Authority:

SSLCACertificateFile /etc/httpd/conf/spacroot.cert

Step 5

Restart the server.

Step 6

Copy the

of the HTTPS server.

Step 7

Verify proper server operation by downloading basic.txt from the HTTPS server by using a standard

browser from the local PC.

Step 8

Inspect the server certificate that the server supplies.

The browser probably does not recognize the certificate as valid unless the browser has been pre-configured

to accept Cisco as a root CA. However, the phones expect the certificate to be signed this way.

Modify the Profile_Rule of the test device to contain a reference to the HTTPS server, for example:

<Profile_Rule>

https://my.server.com/basic.txt

</Profile_Rule>

This example assumes the name of the HTTPS server is

Cisco IP Phone 6800 Series Multiplatform Phones Provisioning Guide

configuration file (described in

basic.txt

for more information

TFTP Resync, on page

45) onto the virtual root directory

my.server.com

Provisioning Examples

Table of Contents

Exercise: Basic Https Resync - Cisco 6800 Series Provisioning Manual

Exercise: Basic HTTPS Resync

Related Manuals for Cisco 6800 Series

Related Content for Cisco 6800 Series

Table of Contents