Provisioning Tutorial
Cisco Small Business IP Telephony Devices Provisioning Guide
STEP 6 In the HTTP server logs, observe how information identifying the test IP Telephony
Device appears in the log of user agents.
This should include the manufacturer, product name, current firmware version, and
serial number.
Secure Resync
This section demonstrates the preferred mechanisms available on the IP
Telephony Device for securing the provisioning process. It includes the following
topics:
• Basic HTTPS Resync
• HTTPS With Client Certificate Authentication
• HTTPS Client Filtering and Dynamic Content
Basic HTTPS Resync
HTTPS adds SSL to HTTP for remote provisioning so that:
• The IP Telephony Device can authenticate the provisioning server.
• The provisioning server can authenticate the IP Telephony Device.
• The confidentiality of information exchanged between the IP Telephony
Device and the provisioning server is ensured through encryption.
SSL generates and exchanges secret (symmetric) keys for each connection
between the IP Telephony Device and the server, using public/private key pairs
preinstalled in the IP Telephony Device and the provisioning server.
On the client side, using HTTPS (with the GET method) simply requires changing
the definition of the URL in the Profile_Rule parameter from http to https. On the
server side, the service provider must install and set up the HTTPS server.
In addition, an SSL server certificate signed by Cisco must be installed on the
provisioning server. The devices cannot resync to a server using HTTPS unless
the server supplies a Cisco-signed server certificate.
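The client-side change described above can be checked across stored profiles before they are served. The following is an added example, not code from the Cisco guide: it flags Profile_Rule values that do not use https and shows the http to https rewrite. The `<flat-profile>` XML layout, the Profile_Rule_B and Resync_Periodic elements, and the host prov.example.com are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample profile. The <flat-profile> layout, Profile_Rule_B and
# Resync_Periodic are assumptions; only Profile_Rule is named on the page.
SAMPLE_PROFILE = """<flat-profile>
  <Profile_Rule>http://prov.example.com/basic.cfg</Profile_Rule>
  <Profile_Rule_B>https://prov.example.com/secure/basic.cfg</Profile_Rule_B>
  <Resync_Periodic>3600</Resync_Periodic>
</flat-profile>"""

# Matches the scheme of every URL embedded in a rule value.
URL_SCHEME = re.compile(r"\b([A-Za-z][A-Za-z0-9+.-]*)://")


def audit_profile(xml_text):
    """Return {element: finding} for each Profile_Rule* element that is not HTTPS-only."""
    findings = {}
    for elem in ET.fromstring(xml_text).iter():
        if not elem.tag.startswith("Profile_Rule"):
            continue
        value = (elem.text or "").strip()
        if not value:
            continue  # empty rule, nothing to check
        schemes = {s.lower() for s in URL_SCHEME.findall(value)}
        if not schemes:
            # No scheme written out, so the rule cannot be confirmed as HTTPS.
            findings[elem.tag] = "no explicit scheme"
        elif schemes != {"https"}:
            bad = ",".join(sorted(schemes - {"https"}))
            findings[elem.tag] = "cleartext scheme: " + bad
    return findings


def to_https(rule_value):
    """Apply the change the guide describes: http becomes https in the rule URL."""
    return re.sub(r"\bhttp://", "https://", rule_value, flags=re.IGNORECASE)


if __name__ == "__main__":
    for name, finding in audit_profile(SAMPLE_PROFILE).items():
        print(f"{name}: {finding}")
    print(to_https("http://prov.example.com/basic.cfg"))
```

Rewriting the URL is only half of the change: the resync still fails unless the server presents the Cisco-signed certificate described above.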