Linksys SPA921 Cisco Small Business IP Telephony Devices Provisioning Guide - Page 74

Provisioning Tutorial Secure Resync 3 STEP 6 In the HTTP server logs, observe how information identifying the test IP Telephony Device appears in the log of user agents. This should include the manufacturer, product name, current firmware version, and serial number. Secure Resync This section demonstrates the preferred mechanisms available on the IP Telephony Device for securing the provisioning process. It includes the following topics: • Basic HTTPS Resync, page 72 • HTTPS With Client Certificate Authentication, page 74 • HTTPS Client Filtering and Dynamic Content, page 75 Basic HTTPS Resync HTTPS adds SSL to HTTP for remote provisioning so that: • The IP Telephony Device can authenticate the provisioning server. • The provisioning server can authenticate the IP Telephony Device. • The confidentiality of information exchanged between the IP Telephony Device and the provisioning server is ensured through encryption. SSL generates and exchanges secret (symmetric) keys for each connection between the IP Telephony Device and the server, using public/private key pairs preinstalled in the IP Telephony Device and the provisioning server. On the client side, using HTTPS (with the GET method), simply requires changing the definition of the URL in the Profile_Rule parameter from http to https. On the server side, the service provider must install and set up the HTTPS server. In addition, an SSL server certificate signed by Cisco must be installed on the provisioning server. The devices cannot resync to a server using HTTPS, unless the server supplies a Cisco-signed server certificate. Cisco Small Business IP Telephony Devices Provisioning Guide 72