Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1269
Views
0
Helpful
2
Replies

How to Upload TLS Root certificate on SPA5XX phones

Go to solution
ADAM CRISP
Level 4
Level 4

‎09-29-2011 04:17 AM - edited ‎03-21-2019 04:44 AM

Hello,

I am trying to find out how to upload our Root certificate to a SPA phone so we can use TLS for SIP signaling, and therefore have the phone trust our SBC's.

Please advise on how to do this.

Kind regards

Adam

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nseto
Level 6
Level 6

‎09-30-2011 01:37 PM

If you've submitted a request for a cert to do https provisioning previously, you may already have the combinedca file that does the client auth.  Note as per below paragraph states, this is an optional addtional security measure.

When the TLS feature is enabled, the SPA initiates a TLS session to the SBC. The SBC

returns a public certificate to the SPA. The SPA uses this information to create a shared secret

and performs the key exchange with the SBC. The SPA then initiates a session using the

shared secret to encrypt the signaling path to the SBC. As an additional security measure, the

SBC could authenticate the SPA provided the SBC has the correct client root certificate.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
nseto
Level 6
Level 6

‎09-30-2011 01:37 PM

If you've submitted a request for a cert to do https provisioning previously, you may already have the combinedca file that does the client auth.  Note as per below paragraph states, this is an optional addtional security measure.

When the TLS feature is enabled, the SPA initiates a TLS session to the SBC. The SBC

returns a public certificate to the SPA. The SPA uses this information to create a shared secret

and performs the key exchange with the SBC. The SPA then initiates a session using the

shared secret to encrypt the signaling path to the SBC. As an additional security measure, the

SBC could authenticate the SPA provided the SBC has the correct client root certificate.

0 Helpful

Go to solution
ADAM CRISP
Level 4
Level 4
In response to nseto

‎10-05-2011 02:16 AM

Thank you.

We now have SPA phones working with TLS/sRTP on our network and are enjoying the audio "bling beep" indicating that this is working.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents