Table of Contents
Advertisement
Provisioning Examples
Secure HTTPS Resync
STEP 5
STEP 6
STEP 7
STEP 8
STEP 9
STEP 10
STEP 11
Provisioning Guide for Cisco SPA100 and SPA200 Series Analog Telephone Adapters
Restart the server.
Copy the basic.txt configuration file (described in the
onto the virtual root directory of the HTTPS server.
Verify proper server operation by downloading basic.txt from the HTTPS server
by using a standard browser from the local PC.
Inspect the server certificate supplied by the server.
The browser probably does not recognize it as valid unless the browser has been
preconfigured to accept Cisco as a root CA. However, these ATAs expect the
certificate to be signed this way.
Modify the Profile_Rule of the test device to contain a reference to the HTTPS
server, for example:
<Profile_Rule ua="na">
https://my.server.com/basic.txt
</Profile_Rule>
This example assumes the name of the HTTPS server is my.server.com.
Click Submit All Changes.
Observe the syslog trace sent by the ATA.
The syslog message should indicate that the resync obtained the profile from the
HTTPS server.
(Optional) Use an Ethernet protocol analyzer on the ATA subnet to verify that the
packets are encrypted.
In this exercise, client certificate verification was not enabled. The connection
between ATA and server is encrypted. However, the transfer is not secure
because any client can connect to the server and request the file, given
knowledge of the file name and directory location. For secure resync, the server
must also authenticate the client, as demonstrated in the exercise described in the
HTTPS With Client Certificate Authentication
TFTP Resync
section.
4
exercise)
55
Hide quick links:
Advertisement
Table of Contents
