Cisco SPA921 - - IP Phone Provisioning Manual page 29

Voice system, voice gateways, and ip telephones

Hide thumbs Also See for SPA921 - Cisco - IP Phone:

Quick start manual (2 pages)

Administration manual (286 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

page of 116

/ 116
Contents
Table of Contents
Bookmarks

Table of Contents

Provisioning Cisco Small Business VoIP Devices

Provisioning Setup

Cisco Small Business IP Telephony Devices Provisioning Guide

In addition, Cisco also provides a Sipura CA Client Root Certificate to the service

provider. This root certificate certifies the authenticity of the client certificate

carried by each IP Telephony Device.

The unique client certificate offered by each device during an HTTPS session

carries identifying information embedded in its subject field. This information can

be made available by the HTTPS server to a CGI script invoked to handle secure

requests. In particular, the certificate subject indicates the unit product name (OU

element), MAC address (S element), and serial number (L element). The following

is an example of these elements from a SPA962 client certificate subject field:

OU=SPA-962, L=88012BA01234, S=000e08abcdef

Early units, manufactured before firmware 2.0.x, do not contain individual SSL

client certificates. When these units are upgraded to a firmware release in the

2.0.x tree, they become capable of connecting to a secure server using HTTPS,

but are only able to supply a generic client certificate if requested to do so by the

server. This generic certificate contains the following information in the identifying

fields:

OU=cisco.com, L=ciscogeneric, S=ciscogeneric

To determine if an IP Telephony Device carries an individualized certificate use the

$CCERT provisioning macro variable, whose value expands to either Installed or

Not Installed, according to the presence or absence of a unique client certificate.

In the case of a generic certificate, it is possible to obtain the serial number of the

unit from the HTTP request header, in the User-Agent field.

HTTPS servers can be configured to request SSL certificates from connecting

clients. If enabled, the server can verify the client certificate by using the Sipura

CA Client Root Certificate supplied by Cisco. It can then provide the certificate

information to a CGI for further processing.

The location for storing certificates may vary. For example, on a Apache

installation, the file paths for storing the provisioning server signed certificate, its

associated private key, and the Sipura CA client root certificate are likely to be as

follows:

# Server Certificate:

SSLCertificateFile /etc/httpd/conf/provserver.crt

# Server Private Key:

SSLCertificateKeyFile /etc/httpd/conf/provserver.key

# Certificate Authority (CA):

SSLCACertificateFile /etc/httpd/conf/spacroot.crt

Table of Contents

This manual is also suitable for:

Spa922 - ip phone with switch Spa942 - cisco - ip phone Spa9000 Pap2t Spa2102 Spa3102 ... Show all

Cisco SPA921 - - IP Phone Provisioning Manual page 29

Related Manuals for Cisco SPA921 - Cisco - IP Phone

Related Products for Cisco SPA921 - Cisco - IP Phone

This manual is also suitable for:

Table of Contents