Enabling Https - Cisco SPA921 - - IP Phone Provisioning Manual

Voice system, voice gateways, and ip telephones

Hide thumbs Also See for SPA921 - Cisco - IP Phone:

Quick start manual (2 pages)

Administration manual (286 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

page of 116

/ 116
Contents
Table of Contents
Bookmarks

Table of Contents

Provisioning Cisco Small Business VoIP Devices

Provisioning Setup

Cisco Small Business IP Telephony Devices Provisioning Guide

Enabling HTTPS

For increased security managing remotely deployed units, the IP Telephony

Device supports HTTPS for provisioning. To this end, each newly manufactured IP

Telephony Device carries a unique SLL Client Certificate (and associated private

key), in addition to a Sipura CA server root certificate. The latter allows the IP

Telephony Device to recognize authorized provisioning servers, and reject non-

authorized servers. On the other hand, the client certificate allows the provisioning

server to identify the individual device that issues the request.

In order for a service provider to manage deployment by using HTTPS, a server

certificate needs to be generated for each provisioning server to which the IP

Telephony Device resyncs using HTTPS. The server certificate must be signed by

the Cisco Server CA Root Key, whose certificate is carried by all deployed units.

To obtain a signed server certificate, the service provider must forward a

certificate signing request to Cisco, which signs and returns the server certificate

for installation on the provisioning server.

The provisioning server certificate must contain in the subject Common Name (CN

field) the FQDN of the host running the server. It may optionally contain additional

information following the host FQDN, separated by a / character. The following are

examples of CN entries that would be accepted as valid by the IP Telephony

Device:

CN=sprov.callme.com

CN=pv.telco.net/mailto:admin@telco.net

CN=prof.voice.com/info@voice.com

In addition to verifying the server certificate, the IP Telephony Device tests the

server IP address against a DNS lookup of the server name specified in the server

certificate.

A certificate signing request can be generated using the OpenSSL utility. The

following shows an example of the openssl command that produces a 1024-bit

RSA public/private key pair and a certificate signing request:

openssl req –new –out provserver.csr

This command generates the server private key in privkey.pem and a

corresponding certificate signing request in provserver.csr. In this example, the

service provider keeps privkey.pem secret and submits provserver.csr to Cisco

for signing. Upon receiving the provserver.csr file, Cisco generates provserver.crt,

the signed server certificate.

Table of Contents

This manual is also suitable for:

Spa922 - ip phone with switch Spa942 - cisco - ip phone Spa9000 Pap2t Spa2102 Spa3102 ... Show all

Enabling Https - Cisco SPA921 - - IP Phone Provisioning Manual

Enabling HTTPS

Related Manuals for Cisco SPA921 - Cisco - IP Phone

Related Products for Cisco SPA921 - Cisco - IP Phone

This manual is also suitable for:

Table of Contents