Cisco SPA1112 Provisioning Manual page 59

Provisioning Examples
Secure HTTPS Resync
Provisioning Guide for Cisco SPA100 and SPA200 Series Analog Telephone Adapters
SSL Server Certificates
Each secure provisioning server is issued an SSL server certificate, directly signed
by Cisco. The firmware running on the ATA recognizes only a Cisco certificate as
valid. When a client connects to a server by using HTTPS, it rejects any server
certificate that is not signed by Cisco.
This mechanism protects the service provider from unauthorized access to the
ATA, or any attempt to spoof the provisioning server. Without such protection, an
attacker might be able to reprovision the ATA, to gain configuration information, or
to use a different VoIP service.
Client Certificates
In addition to a direct attack on an ATA, an attacker might attempt to contact a
provisioning server by using a standard web browser or another HTTPS client to
obtain the configuration profile from the provisioning server. To prevent this kind of
attack, each ATA also carries a unique client certificate, signed by Cisco, including
identifying information about each individual endpoint. A certificate authority root
certificate capable of authenticating the device client certificate is given to each
service provider. This authentication path allows the provisioning server to reject
unauthorized requests for configuration profiles.
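The server-side check described above, sketched in Python as an added example that is not part of the Cisco guide. It requires a client certificate chaining to the device CA root, then ties the requested profile to the identity in that certificate. The file path parameters, the use of the subject commonName as the endpoint identifier, the profile names, and the `PROVISIONED` map are assumptions made for illustration.

```python
import ssl

def build_server_context(server_cert, server_key, device_ca_root):
    """TLS context that refuses clients lacking a certificate signed by the device CA.

    All three arguments are file paths supplied by the operator (hypothetical here).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=server_cert, keyfile=server_key)
    ctx.load_verify_locations(cafile=device_ca_root)
    # Without CERT_REQUIRED a browser or other HTTPS client with no
    # certificate would still complete the handshake.
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def device_identity(peercert):
    """Return the subject commonName from an ssl getpeercert() dict, or None."""
    if not peercert:
        return None
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            if name == "commonName":
                return value
    return None

def may_fetch_profile(peercert, requested_profile, provisioned):
    """Allow a request only for the profile assigned to the certified device.

    A valid certificate alone is not enough: one endpoint must not be able
    to download another endpoint's configuration profile.
    """
    ident = device_identity(peercert)
    if ident is None:
        return False
    return provisioned.get(ident) == requested_profile

# Constructed sample data (not real device identifiers or profile names).
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Vendor"),),
                (("commonName", "ata-0001"),)),
}
PROVISIONED = {"ata-0001": "ata-0001.cfg", "ata-0002": "ata-0002.cfg"}

if __name__ == "__main__":
    print(may_fetch_profile(SAMPLE_PEERCERT, "ata-0001.cfg", PROVISIONED))
    print(may_fetch_profile(SAMPLE_PEERCERT, "ata-0002.cfg", PROVISIONED))
```

In a handler, `peercert` would come from `SSLSocket.getpeercert()` on the accepted connection.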
Certificate Structure
The combination of a server certificate and a client certificate ensures secure
communication between a remote ATA and its provisioning server. The
"Certificate Authority Flow" figure illustrates the relationship and placement of
certificates, public/private key pairs, and signing root authorities, among the Cisco
client, the provisioning server, and the certification authority.
The upper half of the diagram shows the Provisioning Server Root Authority that is
used to sign the individual provisioning server certificate. The corresponding root
certificate is compiled into the firmware, allowing the ATA to authenticate
authorized provisioning servers.
This manual is also suitable for:

Spa232d, Spa122