Authenticate With Basic Https Resync - Cisco 8800 Series Manual
Hide thumbs
Also See for 8800 Series:
- Administration manual (406 pages) ,
- User manual (218 pages) ,
- Hardware installation manual (140 pages)
Table of Contents
Advertisement
Cisco IP Phone Provisioning
• Confidentiality of information exchanged between the phone and the provisioning server is ensured.
SSL generates and exchanges secret (symmetric) keys for each connection between the phone and the server,
using public/private key pairs that are pre-installed in the phone and the provisioning server.
On the client side, the phone does not require any special configuration setting on the server to be able to
resync using HTTPS. The Profile_Rule parameter syntax for using HTTPS with the GET method is similar
to the syntax that is used for HTTP or TFTP. If a standard web browser can retrieve a profile from a your
HTTPS server, the phone should be able to do so as well.
In addition to installing a HTTPS server, a SSL server certificate that Cisco signs must be installed on the
provisioning server. The devices cannot resync to a server that is using HTTPS unless the server supplies a
Cisco-signed server certificate. Instructions for creating signed SSL Certificates for Voice products can be
found at https://supportforums.cisco.com/docs/DOC-9852.
Authenticate with Basic HTTPS Resync
Procedure
Step 1
Install an HTTPS server on a host whose IP address is known to the network DNS server through normal
hostname translation.
The open source Apache server can be configured to operate as an HTTPS server when installed with the
open source mod_ssl package.
Step 2
Generate a server Certificate Signing Request for the server. For this step, you might need to install the open
source OpenSSL package or equivalent software. If using OpenSSL, the command to generate the basic CSR
file is as follows:
openssl req –new –out provserver.csr
This command generates a public/private key pair, which is saved in the privkey.pem file.
Step 3
Submit the CSR file (provserver.csr) to Cisco for signing.
A signed server certificate is returned (provserver.cert) along with a Sipura CA Client Root Certificate,
spacroot.cert.
See
https://supportforums.cisco.com/docs/DOC-9852
Step 4
Store the signed server certificate, the private key pair file, and the client root certificate in the appropriate
locations on the server.
In the case of an Apache installation on Linux, these locations are typically as follows:
# Server Certificate:
SSLCertificateFile /etc/httpd/conf/provserver.cert
# Server Private Key:
SSLCertificateKeyFile /etc/httpd/conf/pivkey.pem
# Certificate Authority:
SSLCACertificateFile /etc/httpd/conf/spacroot.cert
Step 5
Restart the server.
Cisco IP Phone 8800 Series Multiplatform Phone Administration Guide for Release 11.3(1) and Later
Authenticate with Basic HTTPS Resync
for more information
57
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
