12-01-2016 07:27 AM - edited 03-21-2019 09:01 AM
We facing question when we would like configure XML Service (Directory) over the internet, using HTTPS URL.
When we tried configured Directory Service URL as http, we were successfull.
Have you any idea what is necessary when we would like to use HTTPS ?
I was reading documentations for provisoning on cisco SPA where was this note:
"For a service provider to manage deployment by using HTTPS, a server certificate
must be generated for each provisioning server to which an IP Telephony device
resyncs by using HTTPS. The server certificate must be signed by the Cisco
Server CA Root Key, whose certificate is carried by all deployed units. To obtain a
signed server certificate, the service provider must forward a certificate signing
request to Cisco, which signs and returns the server certificate for installation on
the provisioning server."
Am I correct, we will need a Cisco signs certificate on server where is Directory XML, or this will be necessary only in SPA provisioning ?
12-01-2016 08:06 AM
SPA devices are covered in the SMB area, might want to move your thread over there.
12-06-2016 04:31 AM
Any ideas pls ?
12-06-2016 08:34 AM
It seems no one can answer. We use no HTTPS for XML Directory access. But it's so easy to try it, thus you need no answer to discover the truth ...
Well, I will guess ...
A SSL client must recognize server's certificate as trusted. E.g. it must be issued by (directly on indirectly) root authority recognized by client. There are Cisco's root CA embedded (thus trusted), moreover, you can att another one certificate by provisioning.
XML Directory server needs to have certificate issued by any of them.
Again - just blindly guessing, so try it by self.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide