Linksys SPA921 Cisco Small Business IP Telephony Devices Provisioning Guide - Page 75

Provisioning Tutorial Secure Resync 3 Exercise STEP 1 Install an HTTPS server on a host whose IP address is known to the network DNS server, through normal hostname translation. The open source Apache server can be configured to operate as an HTTPS server, when installed with the open source mod_ssl package. STEP 2 Generate a server Certificate Signing Request for the server. STEP 3 For this step, you may need to install the open source OpenSSL package or equivalent software. If using OpenSSL, the command to generate the basic CSR file is as follows: openssl req -new -out provserver.csr This command generates a public/private key pair, which is saved in the privkey.pem file. STEP 4 Submit the CSR file (provserver.csr) to Cisco for signing. A signed server certificate is returned (provserver.cert) along with a Sipura CA Client Root Certificate, spacroot.cert. STEP 5 Store the signed server certificate, the private key pair file, and the client root certificate in the appropriate locations on the server. In the case of an Apache installation on Linux, these locations are typically as follows: # Server Certificate: SSLCertificateFile /etc/httpd/conf/provserver.cert # Server Private Key: SSLCertificateKeyFile /etc/httpd/conf/pivkey.pem # Certificate Authority: SSLCACertificateFile /etc/httpd/conf/spacroot.cert STEP 6 Restart the server. STEP 7 Copy the basic.txt configuration profile from the earlier exercises onto the virtual root directory of the HTTPS server. STEP 8 Verify proper server operation by downloading basic.txt from the HTTPS server, using a standard browser from the local PC. Cisco Small Business IP Telephony Devices Provisioning Guide 73