Https Provisioning; Get A Signed Server Certificate - Cisco 6800 Series Provisioning Manual

Multiplatform phones

In-House Preprovisioning and Provisioning Servers
HTTP Status Code
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
5xx

HTTPS Provisioning

The phone supports HTTPS for provisioning for increased security in managing remotely deployed units.
Each phone carries a unique SSL Client Certificate (and associated private key), in addition to a Sipura CA
server root certificate. The latter allows the phone to recognize authorized provisioning servers, and reject
non-authorized servers. On the other hand, the client certificate allows the provisioning server to identify the
individual device that issues the request.
For a service provider to manage deployment by using HTTPS, a server certificate must be generated for each
provisioning server to which a phone resyncs by using HTTPS. The server certificate must be signed by the
Cisco Server CA Root Key, whose certificate is carried by all deployed units. To obtain a signed server
certificate, the service provider must forward a certificate signing request to Cisco, which signs and returns
the server certificate for installation on the provisioning server.
The provisioning server certificate must contain the Common Name (CN) field, and the FQDN of the host
running the server in the subject. It might optionally contain information following the host FQDN, separated
by a slash (/) character. The following examples are of CN entries that are accepted as valid by the phone:
CN=sprov.callme.com
CN=pv.telco.net/mailto:admin@telco.net
CN=prof.voice.com/info@voice.com
In addition to verifying the server certificate, the phone tests the server IP address against a DNS lookup of
the server name that is specified in the server certificate.
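
The following is an added example, not part of the Cisco guide or the phone firmware: an administrator-side pre-check that extracts the host FQDN from a CN value in the format described above and confirms that the provisioning server's IP address is among the addresses DNS returns for that name. The function names, the injectable resolver, and the sample DNS data are assumptions made for illustration; how the phone itself performs the comparison is not specified on this page.

```python
import ipaddress
import re
import socket

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def fqdn_from_cn(cn):
    """Return the host FQDN from a CN value, dropping any '/info' suffix."""
    value = cn.strip()
    if value.upper().startswith("CN="):
        value = value[3:]
    host = value.split("/", 1)[0].strip().rstrip(".")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        raise ValueError(f"CN does not start with an FQDN: {cn!r}")
    if not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"invalid host name in CN: {cn!r}")
    return host.lower()

def resolve(host):
    """Default resolver: every address DNS returns for host (needs network)."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def server_matches_cn(cn, server_ip, resolver=resolve):
    """True when server_ip is among the addresses the CN host resolves to."""
    wanted = ipaddress.ip_address(server_ip)
    found = {ipaddress.ip_address(a) for a in resolver(fqdn_from_cn(cn))}
    return wanted in found

# Constructed sample data (hypothetical): documentation-range addresses only.
SAMPLE_DNS = {
    "sprov.callme.com": {"192.0.2.10"},
    "pv.telco.net": {"198.51.100.7", "2001:db8::7"},
}

def sample_resolver(host):
    """Offline stand-in for DNS so the example runs without a network."""
    return SAMPLE_DNS.get(host, set())

if __name__ == "__main__":
    checks = [("CN=sprov.callme.com", "192.0.2.10"),
              ("CN=pv.telco.net/mailto:admin@telco.net", "2001:db8:0:0:0:0:0:7"),
              ("CN=prof.voice.com/info@voice.com", "203.0.113.5")]
    for cn, ip in checks:
        print(cn, ip, server_matches_cn(cn, ip, sample_resolver))
```

Addresses are compared as parsed values, so an IPv6 address written in a different textual form still matches; a CN whose host has no matching DNS record fails the check.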

Get a Signed Server Certificate

The OpenSSL utility can generate a certificate signing request. The following example shows the openssl
command that produces a 1024-bit RSA public/private key pair and a certificate signing request:
openssl req -new -out provserver.csr
This command generates the server private key in privkey.pem and a corresponding certificate signing request
in provserver.csr. The service provider keeps the privkey.pem secret and submits provserver.csr to Cisco

| HTTP Status Code | Description | Phone Behavior |
|---|---|---|
| 502 Bad Gateway | The server is acting as a gateway or proxy and receives an invalid response from the upstream server. | Phone behavior is C. |
| 503 Service Unavailable | The server is currently unavailable (overloaded or down for maintenance). This is a temporary state. | Phone behavior is C. |
| 504 Gateway Timeout | The server behaves as a gateway or proxy and does not receive timely response from the upstream server. | C |
| 5xx | Other server error | C |

Cisco IP Phone 6800 Series Multiplatform Phones Provisioning Guide
