HTTPS With Client Certificate Authentication - Cisco SPA921 IP Phone Provisioning Manual

Voice system, voice gateways, and ip telephones
Provisioning Tutorial
Secure Resync
Cisco Small Business IP Telephony Devices Provisioning Guide

STEP 9 Inspect the server certificate supplied by the server.
The browser probably does not recognize it as valid unless the browser has been
preconfigured to accept Cisco as a root CA. However, the IP Telephony Devices
expect the certificate to be signed this way.

STEP 10 Modify the Profile_Rule of the test device to contain a reference to the HTTPS
server in place of the HTTP server, for example:
https://my.server.com/basic.txt
This example assumes the name of the HTTPS server is my.server.com.

STEP 11 Click Submit All Changes.

STEP 12 Observe the syslog trace sent by the IP Telephony Device.
The syslog message should indicate that the resync obtained the profile from the
HTTPS server.

STEP 13 (Optional) Use an Ethernet protocol analyzer on the IP Telephony Device subnet to
verify that the packets are encrypted.
In this exercise, client certificate verification is not yet enabled. Use a browser to
request the profile stored in basic.txt.
At this point, the connection between IP Telephony Device and server is
encrypted. However, the transfer is not secure because any client can connect to
the server and request the file, given knowledge of the file name and directory
location. For secure resync, the server must also authenticate the client, as
demonstrated in the next exercise.

HTTPS With Client Certificate Authentication

In the factory default configuration, the server does not request an SSL client
certificate from a client. After you edit the configuration to enable client
authentication, the server requires a client certificate to authenticate the IP
Telephony Device before accepting a connection request.
Because of this, the resync operation in this exercise cannot be independently
tested using a browser lacking the proper credentials. Nevertheless, the SSL key
exchange within the HTTPS connection between the test IP Telephony Device and
the server can be observed using the ssldump utility. The utility trace shows the
interaction between client and server.
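
One way to read such a trace for the one thing this exercise changes, as an added example that is not part of the Cisco guide: the script scans ssldump-style output for the server's CertificateRequest and the client's CertificateVerify on each connection. The sample trace is constructed, its record-header layout is a simplified assumption, and the function names are hypothetical; it applies only to handshakes that ssldump shows in clear text.

```python
import re

# Record header: "<conn> <rec> <time> (<delta>)  C>S  Handshake"; \S* tolerates a suffix on C>S.
RECORD = re.compile(r"^(\d+)\s+\d+\s+[\d.]+\s+\([\d.]+\)\s+([CS]>[CS])\S*\s+(\w+)")
HANDSHAKE = {"ClientHello", "ServerHello", "Certificate", "CertificateRequest",
             "ServerKeyExchange", "ServerHelloDone", "ClientKeyExchange",
             "CertificateVerify", "Finished"}

def handshake_messages(trace):
    """Map connection number -> [(direction, message), ...] in trace order."""
    conns, current = {}, None
    for line in trace.splitlines():
        header = RECORD.match(line)
        if header:
            conn, direction, rtype = header.groups()
            current = (conn, direction) if rtype == "Handshake" else None
            conns.setdefault(conn, [])
        elif current and line.strip() in HANDSHAKE:
            conns[current[0]].append((current[1], line.strip()))
    return conns

def client_auth_status(messages):
    requested = ("S>C", "CertificateRequest") in messages
    # CertificateVerify: the client's signature with its private key; sent only with a certificate.
    proved = ("C>S", "CertificateVerify") in messages
    if not requested:
        return "server-auth-only"
    return "client-cert-proved" if proved else "requested-not-proved"

# Constructed trace (not from a device): conn 1 server-auth only, conn 2 with client auth.
SAMPLE = """\
1 1  0.0021 (0.0021)  C>S  Handshake
      ClientHello
1 2  0.0150 (0.0129)  S>C  Handshake
      ServerHello
      Certificate
      ServerHelloDone
2 1  0.0019 (0.0019)  C>S  Handshake
      ClientHello
2 2  0.0161 (0.0142)  S>C  Handshake
      ServerHello
      Certificate
      CertificateRequest
      ServerHelloDone
2 3  0.0420 (0.0259)  C>S  Handshake
      Certificate
      ClientKeyExchange
      CertificateVerify
"""
STATUS = {c: client_auth_status(m) for c, m in handshake_messages(SAMPLE).items()}
```

A connection reported as "server-auth-only" after client authentication has been enabled means the server is still serving the profile to any client that knows the URL.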