Provisioning Examples
Secure HTTPS Resync
Provisioning Guide for Cisco SPA100 and SPA200 Series Analog Telephone Adapters 58
4
A similar script could be used to determine information about the resyncing device
and then provide it with appropriate configuration parameter values.
HTTPS Certificates
The ATA provides a reliable and secure provisioning strategy based on HTTPS
requests from the device to the provisioning server. Both a server certificate and a
client certificate are used to authenticate the ATA to the server and the server to
the ATA.
To use HTTPS, you must generate a Certificate Signing Request (CSR) and submit
it to Cisco. Cisco generates a certificate for installation on the provisioning server.
The ATA accepts the certificate when it seeks to establish an HTTPS connection
with the provisioning server.
How HTTPS Works
HTTPS encrypts the communication between a client and a server, protecting the
message contents from other network devices. The encryption method for the
body of the communication between a client and a server is based on symmetric
key cryptography. With symmetric key cryptography, a single secret key is shared
by a client and a server over a secure channel protected by Public/Private key
encryption.
Messages encrypted by the secret key can only be decrypted using the same
key. HTTPS supports a wide range of symmetric encryption algorithms. The ATA
implements up to 256-bit symmetric encryption, using the American Encryption
Standard (AES), in addition to 128-bit RC4.
HTTPS also provides for the authentication of a server and a client engaged in a
secure transaction. This feature ensures that a provisioning server and an
individual client cannot be spoofed by other devices on the network. This is an
essential capability in the context of remote endpoint provisioning.
Server and client authentication is performed by using public/private key
encryption with a certificate that contains the public key. Text that is encrypted
with a public key can be decrypted only by its corresponding private key (and
vice versa). The ATA supports the RSA algorithm for public/private key
cryptography.
To Next Page
Loading...
Need help?
General
