Get A Signed Server Certificate - Cisco 8800 Series Manual
Hide thumbs
Also See for 8800 Series:
- Administration manual (406 pages) ,
- User manual (218 pages) ,
- Hardware installation manual (140 pages)
Table of Contents
Advertisement
Cisco IP Phone Configuration
non-authorized servers. On the other hand, the client certificate allows the provisioning server to identify the
individual device that issues the request.
For a service provider to manage deployment by using HTTPS, a server certificate must be generated for each
provisioning server to which a phone resyncs by using HTTPS. The server certificate must be signed by the
Cisco Server CA Root Key, whose certificate is carried by all deployed units. To obtain a signed server
certificate, the service provider must forward a certificate signing request to Cisco, which signs and returns
the server certificate for installation on the provisioning server.
The provisioning server certificate must contain the Common Name (CN) field, and the FQDN of the host
running the server in the subject. It might optionally contain information following the host FQDN, separated
by a slash (/) character. The following examples are of CN entries that are accepted as valid by the phone:
CN=sprov.callme.com
CN=pv.telco.net/mailto:admin@telco.net
CN=prof.voice.com/info@voice.com
In addition to verifying the server certificate, the phone tests the server IP address against a DNS lookup of
the server name that is specified in the server certificate.
Get a Signed Server Certificate
The OpenSSL utility can generate a certificate signing request. The following example shows the openssl
command that produces a 1024-bit RSA public/private key pair and a certificate signing request:
openssl req –new –out provserver.csr
This command generates the server private key in privkey.pem and a corresponding certificate signing
request in provserver.csr. The service provider keeps the privkey.pem secret and submits
provserver.csr to Cisco for signing. Upon receiving the provserver.csr file, Cisco generates
provserver.crt, the signed server certificate.
Procedure
Step 1
Navigate to
Note
Step 2
Select Certificate Management.
On the Sign CSR tab, the CSR of the previous step is uploaded for signing.
Step 3
From the Select Product drop-down list box, select SPA1xx firmware 1.3.3 and newer/SPA232D firmware
1.3.3 and newer/SPA5xx firmware 7.5.6 and newer/CP-78xx-3PCC/CP-88xx-3PCC.
Step 4
In the CSR File field, click Browse and select the CSR for signing.
Step 5
Select the encryption method:
https://software.cisco.com/software/cda/home
When a phone connects to a network for the first time or after a factory reset, and there are no DHCP
options set up, it contacts a device activation server for zero touch provisioning. New phones use
"activate.cisco.com" instead of "webapps.cisco.com" for provisioning. Phones with firmware release
earlier than 11.2(1) continues to use "webapps.cisco.com". We recommend that you allow both the
domain names through your firewall.
Cisco IP Phone 8800 Series Multiplatform Phone Administration Guide for Release 11.3(1) and Later
Get a Signed Server Certificate
and log in with your CCO credentials.
123
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
