Obtain A Server Certificate; Client Certificate; Certificate Structure - Cisco 6800 Series Provisioning Manual

Multiplatform phones

HTTPS Certificates

Obtain a Server Certificate

Procedure
Step 1
Contact a Cisco support person who will work with you on the certificate process. If you are not working with
a specific support person, email your request to ciscosb-certadmin@cisco.com.
Step 2
Generate a private key that will be used in a CSR (Certificate Signing Request). This key is private and you
do not need to provide it to Cisco support. Use the open-source "openssl" tool to generate the key. For example:
openssl genrsa -out <file.key> 1024
Step 3
Generate a CSR that contains fields that identify your organization and location. For example:
openssl req -new -key <file.key> -out <file.csr>
You must have the following information:
• Subject field—Enter the Common Name (CN), which must use FQDN (Fully Qualified Domain Name)
syntax. During the SSL authentication handshake, the phone verifies that the certificate it receives is from
the machine that presented it.
• Server hostname—For example, provserv.domain.com.
• Email address—Enter an email address so that customer support can contact you if needed. This email
address is visible in the CSR.
Step 4
Email the CSR (in zip file format) to the Cisco support person or to ciscosb-certadmin@cisco.com. The
certificate is signed by Cisco. Cisco sends the certificate to you to install on your system.
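
Steps 2 and 3 scripted without prompts, with a self-check of the CSR before it is mailed in Step 4; this is an added example, not part of the Cisco guide. The function names, the FQDN pattern and the sample host and e-mail values are assumptions, and the key size is a parameter that defaults to the guide's 1024.

```shell
#!/bin/sh
# Added example (not from the Cisco guide): create a key and CSR for the
# provisioning server, then check the CSR before e-mailing it.
# Function names and the FQDN pattern are assumptions of this example.

# is_fqdn NAME: succeed only for dotted host names such as host.domain.tld
is_fqdn() {
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# make_csr CN EMAIL KEYFILE CSRFILE [BITS]
# BITS defaults to the guide's 1024; the subject is given with -subj so
# no interactive prompts appear.
make_csr() {
    cn=$1 email=$2 key=$3 csr=$4 bits=${5:-1024}
    is_fqdn "$cn" || { echo "CN '$cn' is not an FQDN" >&2; return 1; }
    # umask keeps the private key unreadable to other local users
    ( umask 077; openssl genrsa -out "$key" "$bits" 2>/dev/null ) || return 1
    openssl req -new -key "$key" -out "$csr" \
        -subj "/CN=$cn/emailAddress=$email"
}

# check_csr KEYFILE CSRFILE EXPECTED_CN
check_csr() {
    key=$1 csr=$2 want=$3
    # 1. The CSR's self-signature must verify (match on the message text,
    #    because older openssl releases exit 0 even on failure).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # 2. The public key in the CSR must belong to the private key we kept.
    k=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)
    c=$(openssl req -in "$csr" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ] || return 1
    # 3. The CN must be the host name the phones will connect to.
    got=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$got" = "$want" ]
}

# Usage with constructed sample values:
#   make_csr provserv.domain.com admin@domain.com prov.key prov.csr &&
#   check_csr prov.key prov.csr provserv.domain.com && echo "CSR ready"
```

RSA keys of 1024 bits are below the 2048-bit minimum in current guidance such as NIST SP 800-131A, so ask the Cisco support contact whether a larger key is accepted and pass it as the fifth argument.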

Client Certificate

In addition to a direct attack on a phone, an attacker might attempt to contact a provisioning server through
a standard web browser or another HTTPS client to obtain the configuration profile from the provisioning
server. To prevent this kind of attack, each phone also carries a unique client certificate, signed by Cisco, that
includes identifying information about each individual endpoint. A certificate authority root certificate that
is capable of authenticating the device client certificate is given to each service provider. This authentication
path allows the provisioning server to reject unauthorized requests for configuration profiles.

Certificate Structure

The combination of a server certificate and a client certificate ensures secure communication between a remote
phone and its provisioning server. The figure below illustrates the relationship and placement of certificates,
public/private key pairs, and signing root authorities, among the Cisco client, the provisioning server, and the
certification authority.
Cisco IP Phone 6800 Series Multiplatform Phones Provisioning Guide
Provisioning Examples