Phone BehaviorDescriptionHTTP Status Code
Phone behavior is C.The server is acting as a gateway or proxy
and receives an invalid response from the
upstream server.
502 Bad Gateway
Phone behavior is C.The server is currently unavailable
(overloaded or down for maintenance). This
is a temporary state.
503 Service
Unavailable
CThe server behaves as a gateway or proxy and
does not receive timely response from the
upstream server.
504 Gateway Timeout
COther server error5xx
HTTPS Provisioning
The phone supports HTTPS for provisioning for increased security in managing remotely deployed units.
Each phone carries a unique SLL Client Certificate (and associated private key), in addition to a Sipura CA
server root certificate. The latter allows the phone to recognize authorized provisioning servers, and reject
non-authorized servers. On the other hand, the client certificate allows the provisioning server to identify the
individual device that issues the request.
For a service provider to manage deployment by using HTTPS, a server certificate must be generated for each
provisioning server to which a phone resyncs by using HTTPS. The server certificate must be signed by the
Cisco Server CA Root Key, whose certificate is carried by all deployed units. To obtain a signed server
certificate, the service provider must forward a certificate signing request to Cisco, which signs and returns
the server certificate for installation on the provisioning server.
The provisioning server certificate must contain the Common Name (CN) field, and the FQDN of the host
running the server in the subject. It might optionally contain information following the host FQDN, separated
by a slash (/) character. The following examples are of CN entries that are accepted as valid by the phone:
CN=sprov.callme.com
CN=pv.telco.net/mailto:admin@telco.net
CN=prof.voice.com/info@voice.com
In addition to verifying the server certificate, the phone tests the server IP address against a DNS lookup of
the server name that is specified in the server certificate.
Get a Signed Server Certificate
The OpenSSL utility can generate a certificate signing request. The following example shows the openssl
command that produces a 1024-bit RSA public/private key pair and a certificate signing request:
openssl req –new –out provserver.csr
This command generates the server private key in privkey.pem and a corresponding certificate signing request
in provserver.csr. The service provider keeps the privkey.pem secret and submits provserver.csr to Cisco
Cisco IP Phone 6800 Series Multiplatform Phones Provisioning Guide
41
In-House Preprovisioning and Provisioning Servers
HTTPS Provisioning
To Next Page
Loading...
Need help?
General
