Multiplatform Phone Ca Client Root Certificate - Cisco 8800 Series Manual
Hide thumbs
Also See for 8800 Series:
- Administration manual (406 pages) ,
- User manual (218 pages) ,
- Hardware installation manual (140 pages)
Table of Contents
Advertisement
Multiplatform Phone CA Client Root Certificate
• MD5
• SHA1
• SHA256
Cisco recommends that you select SHA256 encryption.
Step 6
From the Sign in Duration drop-down list box, select the applicable duration (for example, 1 year).
Step 7
Click Sign Certificate Request.
Step 8
Select one of the following options to receive the signed certificate:
• Enter Recipient's Email Address—If you wish to receive the certificate via email, enter your email
• Download—If you wish to download the signed certificate, select this option.
Step 9
Click Submit.
The signed server certificate is either emailed to the email address previously provided or downloaded.
Multiplatform Phone CA Client Root Certificate
Cisco also provides a Multiplatform Phone Client Root Certificate to the service provider. This root certificate
certifies the authenticity of the client certificate that each phone carries. The Multiplatform Phones also support
third-party signed certificates such as those provided by Verisign, Cybertrust, and so on.
The unique client certificate that each device offers during an HTTPS session carries identifying information
that is embedded in its subject field. This information can be made available by the HTTPS server to a CGI
script invoked to handle secure requests. In particular, the certificate subject indicates the unit product name
(OU element), MAC address (S element), and serial number (L element).
The following example from the Cisco IP Phone 8841 Multiplatform Phones client certificate subject field
shows these elements:
OU=CP-8841-3PCC, L=88012BA01234, S=000e08abcdef
To determine if a phone carries an individualized certificate, use the $CCERT provisioning macro variable.
The variable value expands to either Installed or Not Installed, according to the presence or absence of a
unique client certificate. In the case of a generic certificate, it is possible to obtain the serial number of the
unit from the HTTP request header in the User-Agent field.
HTTPS servers can be configured to request SSL certificates from connecting clients. If enabled, the server
can use the Multiplatform Phone Client Root Certificate that Cisco supplies to verify the client certificate.
The server can then provide the certificate information to a CGI for further processing.
The location for certificate storage may vary. For example, in an Apache installation, the file paths for storage
of the provisioning server-signed certificate, its associated private key, and the Multiplatform Phone CA client
root certificate are as follows:
# Server Certificate:
SSLCertificateFile /etc/httpd/conf/provserver.crt
# Server Private Key:
SSLCertificateKeyFile /etc/httpd/conf/provserver.key
Cisco IP Phone 8800 Series Multiplatform Phone Administration Guide for Release 11.3(1) and Later
124
address in this field.
Cisco IP Phone Configuration
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
