When this form of encryption is used on a configuration profile, the phone must be informed of the secret key
value to decrypt the file. This value is specified as a qualifier in the profile URL. The syntax is as follows,
using an explicit URL:
[--key “SecretPhrase1234”] http://prov.telco.com/path/profile.cfg
This value is programmed by using one of the Profile_Rule parameters. The key must be preprovisioned into
the unit at an earlier time. Bootstrap of the secret key can be accomplished securely by using HTTPS.
Pre-encrypting configuration profiles offline, with symmetric key encryption, allows the use of HTTP for
resyncing profiles. The provisioning server uses HTTPS to handle initial provisioning of the phone after
deployment. This feature reduces the load on the HTTPS server in large-scale deployments.
The final filename does not require a specific format, but a filename that ends with the .cfg extension
normally indicates a configuration profile.
Related Topics
Encrypt a Profile with OpenSSL, on page 59
Macro Expansion
Several provisioning parameters undergo macro expansion internally prior to being evaluated. This preevaluation
step provides greater flexibility in controlling the phone resync and upgrade activities.
These parameter groups undergo macro expansion before evaluation:
•
Resync_Trigger_*
•
Profile_Rule*
•
Log_xxx_Msg
•
Upgrade_Rule
Under certain conditions, some general-purpose parameters (GPP_*) also undergo macro expansion, as
explicitly indicated in Optional Resync Arguments, on page 20.
During macro expansion, the contents of the named variables replace expressions of the form $NAME and
$(NAME). These variables include general-purpose parameters, several product identifiers, certain event
timers, and provisioning state values. For a complete list, see Macro Expansion Variables, on page 67.
In the following example, the expression $(MAU) is used to insert the MAC address 000E08012345.
The administrator enters: $(MAU)config.cfg
The resulting macro expansion for a device with MAC address 000E08012345 is:
000E08012345config.cfg
If a macro name is not recognized, it remains unexpanded. For example, the name STRANGE is not recognized
as a valid macro name, while MAU is recognized as a valid macro name.
The administrator enters: $STRANGE$MAU.cfg
The resulting macro expansion for a device with MAC address 000E08012345 is:
$STRANGE000E08012345.cfg
Macro expansion is not applied recursively. For example, $$MAU” expands into $MAU” (the $$ is expanded),
and does not result in the MAC address.
Cisco IP Phone 6800 Series Multiplatform Phones Provisioning Guide
17
Provisioning Scripts
Open Profile Encryption with AES
To Next Page
Loading...
Need help?
General
