Table of Contents
Advertisement
Provisioning Cisco Small Business VoIP Devices
Using HTTPS
Using HTTPS
Cisco Small Business IP Telephony Devices Provisioning Guide
Flow Step
SEC-PRV-1
Secure
Provisioning—Initial
Configuration
SEC-PRV-2
Secure
Provisioning—Full
Configuration
The IP Telephony device provides a reliable and secure provisioning strategy
based on HTTPS requests from the device to the provisioning server. Both a
server certificate and a client certificate are used to authenticate the IP Telephony
device to the server and the server to the IP Telephony device.
To use HTTPS, you must generate a Certificate Signing Request (CSR) and submit
it to Cisco. Cisco generates a certificate for installation on the provisioning server.
The IP Telephony device accepts the certificate when it seeks to establish an
HTTPS connection with the provisioning server. This procedure is described in the
"HTTPS" section on page
Step Description
The initial device-unique CFG file is targeted to each IP
Telephony device by compiling the CFG file with the
target
option. This provides an initial level of encryption that
does not require the exchange of keys.
The initial device-unique CFG file reconfigures the profile
parameters to enable stronger encryption by programming a
256-bit encryption key and pointing to a randomly-generated
TFTP directory. For example, the CFG file might contain:
Profile_Rule [--key $A] tftp.callme.com/profile/$B/
spa962.cfg;
GPP_A 8e4ca259...;
# 256 bit key
GPP_B Gp3sqLn...;
# random CFG file path directory
Subsequent profile resync operations retrieve 256-bit
encrypted CFG files that maintain the IP Telephony device in a
state synchronized to the provisioning server.
All remaining parameters are configured and maintained
through this strongly encrypted profile. The encryption key and
random directory location can be changed periodically for extra
security.
26.
1
spc --
16
Advertisement
Table of Contents
