Cisco SPA901-UK Provisioning Guide - Page 19
Client Certificates, Certificate Structure, Provisioning Cisco Small Business VoIP Devices
UPC - 745883570751
View all Cisco SPA901-UK manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 19 highlights
Provisioning Cisco Small Business VoIP Devices Using HTTPS 1 Client Certificates In addition to a direct attack on an IP Telephony device, an attacker might attempt to contact a provisioning server by using a standard web browser or another HTTPS client to obtain the configuration profile from the provisioning server. To prevent this kind of attack, each IP Telephony device also carries a unique client certificate, also signed by Cisco, including identifying information about each individual endpoint. A certificate authority root certificate capable of authenticating the device client certificate is given to each service provider. This authentication path allows the provisioning server to reject unauthorized requests for configuration profiles. Certificate Structure The combination of a server certificate and a client certificate ensures secure communication between a remote IP Telephony device and its provisioning server. The Certificate Authority Flow figure illustrates the relationship and placement of certificates, public/private key pairs, and signing root authorities, among the Cisco client, the provisioning server, and the certification authority. The upper half of the diagram shows the Provisioning Server Root Authority that is used to sign the individual provisioning server certificate. The corresponding root certificate is compiled into the firmware, allowing the IP Telephony device to authenticate authorized provisioning servers. Cisco Small Business IP Telephony Devices Provisioning Guide 18