HTTPS Client Filtering and Dynamic Content - Cisco 6800 Series Provisioning Manual

HTTPS Client Filtering and Dynamic Content

With client authentication enabled, only a phone with a MAC address that matches a valid client certificate
can request the profile from the provisioning server. The server rejects a request from an ordinary browser or
other unauthorized device.
If the HTTPS server is configured to require a client certificate, the information in the certificate identifies
the resyncing phone and supplies it with the correct configuration information.
The HTTPS server makes the certificate information available to CGI scripts (or compiled CGI programs)
that are invoked as part of the resync request. For the purpose of illustration, this exercise uses the open source
Perl scripting language, and assumes that Apache (v.2) is used as the HTTPS server.
Procedure
Step 1
Install Perl on the host that is running the HTTPS server.
Step 2
Generate the following Perl reflector script:
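#!/usr/bin/perl -wT
use strict;
# Echo client-certificate fields, which the HTTPS server places in the
# CGI environment, back to the phone inside the GPP_D parameter.
print "Content-Type: text/plain\n\n";
print "<flat-profile><GPP_D>";
print "OU=$ENV{'SSL_CLIENT_I_DN_OU'},\n";
print "L=$ENV{'SSL_CLIENT_I_DN_L'},\n";
print "S=$ENV{'SSL_CLIENT_I_DN_S'}\n";
print "</GPP_D></flat-profile>";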
Step 3
Save this file with the file name reflect.pl, with executable permission (chmod 755 on Linux), in the
CGI scripts directory of the HTTPS server.
Step 4
Verify accessibility of CGI scripts on the server (that is, /cgi-bin/...).
Step 5
Modify the Profile_Rule on the test device to resync to the reflector script, as in the following example:
https://prov.server.com/cgi-bin/reflect.pl?
Step 6
Click Submit All Changes.
Step 7
Observe the syslog trace to ensure a successful resync.
Step 8
On the Configuration Utility page, select Admin Login > advanced > Voice > Provisioning.
Step 9
Verify that the GPP_D parameter contains the information that the script captured.
This information contains the product name, MAC address, and serial number if the test device carries a
unique certificate from the manufacturer. The information contains generic strings if the unit was manufactured
before firmware release 2.0.
A similar script can determine information about the resyncing device and then provide the device with
appropriate configuration parameter values.
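One way such a script could look, as an added example that is not from the Cisco guide: it serves a per-device profile only when the HTTPS server reports a verified client certificate, and it validates the certificate field before using it in a file name. Assumptions: the profile directory and file naming are hypothetical, the field printed as L= by the reflector script is taken to carry the MAC address as 12 hex digits, and Apache exports the SSL variables to CGI (SSLOptions +StdEnvVars).

```perl
#!/usr/bin/perl -wT
use strict;

# Assumptions (not from the guide): profile location and naming, and that
# the field the reflector script prints as L= carries the phone's MAC.
my $PROFILE_DIR = '/var/www/provisioning/profiles';   # hypothetical path
my $MAC_FIELD   = 'SSL_CLIENT_I_DN_L';                # variable echoed as L=

# Refuse the request, and leave a line in the server error log for review.
sub deny {
    my ($status, $reason) = @_;
    warn "provisioning request denied: $reason\n";
    print "Status: $status\nContent-Type: text/plain\n\n$reason\n";
    exit 0;
}

# Serve nothing unless mod_ssl reports a verified client certificate.
my $verify = $ENV{'SSL_CLIENT_VERIFY'} // 'NONE';
deny('403 Forbidden', 'client certificate required')
    unless $verify eq 'SUCCESS';

# Untaint the certificate field with a strict pattern: exactly 12 hex
# digits, optionally separated by ':' or '-'. Anything else, including
# '/' or '..', is rejected, so the value cannot steer the file path.
my $raw = $ENV{$MAC_FIELD} // '';
my ($mac) = $raw =~ /\A((?:[0-9A-Fa-f]{2}[-:]?){5}[0-9A-Fa-f]{2})\z/
    or deny('403 Forbidden', 'certificate does not identify a phone');
$mac =~ tr/:\-//d;    # normalize to bare hex
$mac = lc $mac;

# Look up the profile for this device only; the name is fully determined
# by the validated MAC, never by the query string.
my $file = "$PROFILE_DIR/$mac.xml";
open(my $fh, '<', $file)
    or deny('404 Not Found', 'no profile for this device');

print "Content-Type: text/plain\n\n";
print while <$fh>;
close $fh;
```

Each file in the profile directory holds a complete `<flat-profile>` document for one phone, so a request without a matching verified certificate never reaches another device's parameters.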
Cisco IP Phone 6800 Series Multiplatform Phones Provisioning Guide
Provisioning Examples