HTTPS Certificates; HTTPS Methodology; SSL Server Certificate - Cisco 6800 Series Provisioning Manual

Multiplatform phones

Provisioning Examples
Related Topics
Secure HTTPS Resync, on page 51

HTTPS Certificates

The phone provides a reliable and secure provisioning strategy that is based on HTTPS requests from the
device to the provisioning server. Both a server certificate and a client certificate are used to authenticate the
phone to the server and the server to the phone.

To use HTTPS with the phone, you must generate a Certificate Signing Request (CSR) and submit it to Cisco.
The phone generates a certificate for installation on the provisioning server. The phone accepts the certificate
when it seeks to establish an HTTPS connection with the provisioning server.

HTTPS Methodology

HTTPS encrypts the communication between a client and a server, thus protecting the message contents from
other network devices. The encryption method for the body of the communication between a client and a
server is based on symmetric key cryptography. With symmetric key cryptography, a client and a server share
a single secret key over a secure channel that is protected by public/private key encryption.

Messages encrypted by the secret key can only be decrypted by using the same key. HTTPS supports a wide
range of symmetric encryption algorithms. The phone implements up to 256-bit symmetric encryption, using
the Advanced Encryption Standard (AES), in addition to 128-bit RC4.

HTTPS also provides for the authentication of a server and a client engaged in a secure transaction. This
feature ensures that a provisioning server and an individual client cannot be spoofed by other devices on the
network. This capability is essential in the context of remote endpoint provisioning.

Server and client authentication is performed by using public/private key encryption with a certificate that
contains the public key. Text that is encrypted with a public key can be decrypted only by its corresponding
private key (and vice versa). The phone supports the Rivest-Shamir-Adleman (RSA) algorithm for public/private
key cryptography.

SSL Server Certificate

Each secure provisioning server is issued a secure sockets layer (SSL) server certificate that Cisco signs
directly. The firmware that runs on the phone recognizes only a Cisco certificate as valid. When a client
connects to a server by using HTTPS, it rejects any server certificate that is not signed by Cisco.

This mechanism protects the service provider from unauthorized access to the phone, or any attempt to spoof
the provisioning server. Without such protection, an attacker might be able to reprovision the phone, to gain
configuration information, or to use a different VoIP service. Without the private key that corresponds to a
valid server certificate, the attacker is unable to establish communication with a phone.
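
The trust model described in the HTTPS Certificates and SSL Server Certificate sections, as an added example using the OpenSSL command line (not taken from the Cisco guide): a server key and CSR are generated, a CA signs the CSR, and a verifier pinned to that single CA accepts the signed certificate while rejecting a self-signed one that carries the same subject name. The throwaway local CA stands in for Cisco's signing CA; `prov.example.com`, the file names and the helper functions are assumptions.

```shell
#!/bin/sh
# Constructed demo PKI: a throwaway local CA stands in for the vendor signing CA.
# All names (prov.example.com, file names, function names) are hypothetical.

# make_demo_pki DIR: create the stand-in CA, a CA-signed server cert and a rogue cert
make_demo_pki() {
    dir=$1
    # 1. Stand-in trust anchor (self-signed CA certificate)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" \
        -subj "/CN=Demo Provisioning CA" 2>/dev/null || return 1
    # 2. Provisioning server key pair and CSR; the private key never leaves the server
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=prov.example.com" 2>/dev/null || return 1
    # 3. The CA signs the CSR and returns the server certificate
    openssl x509 -req -in "$dir/server.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null || return 1
    # 4. Rogue certificate: same subject name, but self-signed (not issued by the CA)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/rogue.key" -out "$dir/rogue.pem" \
        -subj "/CN=prov.example.com" 2>/dev/null || return 1
}

# check_pinned ANCHOR CERT: print "accept" only if CERT chains to ANCHOR.
# -no-CApath keeps the system trust directory out of the decision, so the
# single pinned anchor is the only CA that can vouch for the server.
check_pinned() {
    if openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo accept
    else
        echo reject
    fi
}

demo() {
    work=$(mktemp -d) || return 1
    make_demo_pki "$work" || { rm -rf "$work"; return 1; }
    echo "CA-signed server cert:  $(check_pinned "$work/ca.pem" "$work/server.pem")"
    echo "rogue self-signed cert: $(check_pinned "$work/ca.pem" "$work/rogue.pem")"
    rm -rf "$work"
}

demo
```

The subject name alone does not decide the outcome: both certificates claim `prov.example.com`, and only the one issued by the pinned CA verifies.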
Cisco IP Phone 6800 Series Multiplatform Phones Provisioning Guide