Compression must precede encryption for the phone to recognize a compressed and encrypted XML profile.
Note
For integration into customized back-end provisioning server solutions, the open source zlib compression
library can be used in place of the standalone gzip utility to perform the profile compression. However, the
phone expects the file to contain a valid gzip header.
Procedure
Step 1 Install gzip on the local PC.
Step 2 Compress the basic.txt configuration profile (described in TFTP Resync, on page 41) by invoking gzip
from the command line:
gzip basic.txt
This generates the deflated file basic.txt.gz.
Step 3 Save the basic.txt.gz file in the TFTP server virtual root directory.
Step 4 Modify the Profile_Rule on the test device to resync to the deflated file in place of the original XML file, as
shown in the following example:
tftp://192.168.1.200/basic.txt.gz
Step 5 Click Submit All Changes.
Step 6 Observe the syslog trace from the phone.
Upon resync, the phone downloads the new file and uses it to update its parameters.
Encrypt a Profile with OpenSSL
A compressed or uncompressed profile can be encrypted (however, a file must be compressed before it is
encrypted). Encryption is useful when the confidentiality of the profile information is of particular concern,
such as when TFTP or HTTP is used for communication between the phone and the provisioning server.
The phone supports symmetric key encryption by using the 256-bit AES algorithm. This encryption can be
performed by using the open source OpenSSL package.
Procedure
Step 1 Install OpenSSL on a local PC. This might require that the OpenSSL application be recompiled to enable
AES.
Step 2 Using the basic.txt configuration file (described in TFTP Resync, on page 41), generate an encrypted file
with the following command:
Cisco IP Phone 8800 Series Multiplatform Phone Administration Guide for Release 11.3(1) and Later
64
Cisco IP Phone Provisioning
Encrypt a Profile with OpenSSL
To Next Page
Loading...
Need help?
General