hit counter script

Using Https; Server Certificates; Client Certificates - Cisco SPA942 - - IP Phone Administration Manual

Spa and wireless ip phone
Hide thumbs Also See for SPA942 - Cisco - IP Phone:
Table of Contents

Advertisement

Provisioning Basics

Using HTTPS

Using HTTPS

Cisco SPA and Wireless IP Phone Administration Guide
The Cisco IP phone provides a reliable and secure provisioning strategy based on
HTTPS requests from the Cisco IP phone to the provisioning server, using both
server and client certificates for authenticating the client to the server and the
server to the client.
To use HTTPS with Cisco IP phones, you must generate a Certificate Signing
Request (CSR) and submit it to Cisco. The Cisco IP phone generates a certificate
for installation on the provisioning server that is accepted by Cisco IP phones
when they seek to establish an HTTPS connection with the provisioning server.
The Cisco IP phone implements up to 256-bit symmetric encryption, using the
American Encryption Standard (AES), in addition to 128-bit RC4. The Cisco IP
phone supports the Rivest, Shamir, and Adelman (RSA) algorithm for public/
private key cryptography.

Server Certificates

Each secure provisioning server is issued an secure sockets layer (SSL) server
certificate, directly signed by Cisco. The firmware running on the Cisco IP phone
clients recognizes only these certificates as valid. The clients try to authenticate
the server certificate when connecting via HTTPS, and reject any server
certificate not signed by Cisco.
This mechanism protects the service provider from unauthorized access to the
Cisco IP phone endpoint, or any attempt to spoof the provisioning server. This
might allow the attacker to reprovision the Cisco IP phone to gain configuration
information, or to use a different VoIP service. Without the private key
corresponding to a valid server certificate, the attacker is unable to establish
communication with a Cisco IP phone.

Client Certificates

In addition to a direct attack on the Cisco IP phone, an attacker might attempt to
contact a provisioning server using a standard web browser, or other HTTPS
client, to obtain the Cisco IP phone configuration profile from the provisioning
server. To prevent this kind of attack, each Cisco IP phone also carries a unique
client certificate, also signed by Cisco, including identifying information about
7
145

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

Spa922 - ip phone with switchWip310 - iphone wireless voip phonePap2Spa525g - small business pro ip phone voipSpa941 - small business proSpa942-rc - small business pro ... Show all

Table of Contents