cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2728
Views
6
Helpful
14
Replies

CISCO DECT 210 HTTPS-Certificate

drehstrom
Level 1
Level 1

Hi there,

I'm trying to get my own certificate into a CISCO 210 DECT base station. So far I managed to upload the root-CA but I can't upload the machine certificate. I assume, I don't use the right format so the upload fails but I can't find helpful instruction which files in which format the base-station expects. The manual states only that it expects a "DER-encoded binary X.509" and the software expects a "Device Certificate an Key Pair". I tried lots of combinations of different formats but no luck so far.

Maybe someone can provide some info which files and formats to use.

Thanks
Stephan

1 Accepted Solution

Accepted Solutions

Geovani
Cisco Employee
Cisco Employee

Hi there, 

Unfortunately this is not available for the newer firmware any more. It has been taken out by the dev team. 

 

View solution in original post

14 Replies 14

Geovani
Cisco Employee
Cisco Employee

Hi,

Are you trying to get the DBS 210 cert signed by a CA and upload it back to the base?

Whats is the end goal?

Thanks 

 

Yes, that is exactly what I'm trying to do.

Just want to get rid of the "Website not trusted" remark without installing a self-signed certificate. We got our own CA (Microsoft based) and I want to upload a proper certificate signed by us for the https configuration site of the base station.

Hi,

What firmware are you using? 

What you're tying to achieve is possible. The cert needs to be DER encoded binary X.509. 

Please try it and let me know if it works. 

 

Thanks 

Geovani 

Hi,

sorry for the late reply (been on vacation). Firmware version is IPDECT-V2/04.50/B0008/12-Feb-2019 16:46.

I nearly tried every possible format and combination. I'm still not sure what is meant by "Import Device Certificate and Key Pair". How should I export a certificate including BOTH keys in one file? That's nonsense - especially as X.509...

So I assume I am to export certificate and keys in different files but then I need to know which file in which format. Certificate in DER X.509 and what about the keys??? (Btw. I tried some combinations but still no luck...)

Hi, 

4.50 is a very old fw. Can you please download the latest on CCO. 4.80 b12 and try again? 

 

Thanks 

Geovani

Just upgraded to the newest version available. But now I ran into a new problem. After rebooting I was forced to register a new account ("user") and using this for logging in worked just fine. But therefor my admin account doesn't work anymore. Every thinkable standard combination isn't working and as "user" I have very limited possibilities, narrowing down to Home, User and Logout

I assume I can't edit nor see the rest as "user" but what happened to my admin password? I don't want to reset the whole station - there has to be another solution!

Hi 

Did you change the admin password from Default? 

If the admin password was not changed, it should still work. 

The only way i think for recovering is to reset the base to factory default.

Of course I did change the default admin password, but it's not working anymore.

I'm not sure but when configuring the station for the first time there was no default password (can't find any hint in the manuals either). I tried "admin", "administrator", "cisco" but nothing works so far.

Hi 

Are you using a provisioning server?

You can try and provision the admin password again using a provisioning server. Use <Admin_Password>**********</Admin_Password>

drehstrom
Level 1
Level 1

Hi Geovani,

first of all, I'd like to thank you for your efforts and patience so far.

I'm not sure about your last question, we do have a CUCM for provisionig the rest of our phones but I found a thread, that I can't use it for provisioning DECT 210 (https://community.cisco.com/t5/ip-telephony-and-phones/ip-dect-6800-ip-dect-210-in-cucm/td-p/3877024)

So I configured the station as a 3rd party device right from the beginning. Has there been a change along with the new firmware or isn't the CUCM what you had in mind as provisioning server?

Thanks again for your help.

Hi there, 

Although DECT isn't supported, in this case CUCM is your provisioning server.

I'm not sure its the case here, but the reason why I asked about the provisioning server, is that sometimes it pushes admin credentials to the base. 

If you're still locked out of the base station, I think the best thing to do at this point is to factory reset it. 

Hi Geovani,

I'm back in business. Thanks to TAC I was now able to regain administration rights. First thing I upgraded the station to the latest firmware (0501/0107). After reconfiguring everything, I tried to upload a self signed certificate. Since the upgrade some things look different. On the security page I see three types of certificates
- Device Identity (that's the one I'd like to replace)
- Trusted Server Certificates (these seem to be intermediates)
- Trusted Root Certificates (here I successfully uploaded our own root CA)

But now I don't know how to proceed? Where can I upload the new SSL certificate?

Geovani
Cisco Employee
Cisco Employee

Hi there, 

Unfortunately this is not available for the newer firmware any more. It has been taken out by the dev team. 

 

Thanks for clarifying.
I don't know why cisco removes useful features. So I do have to fall back to html or distribute the self-signed certificate. Both are not state of the art and indisputible not what's my opinion of security. Anyway I seem to get used to it just as I have to get used to disappointments using cisco stuff...