Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2491
Views
0
Helpful
15
Replies

Need signed certificate for secure provisioning SPA 500 series phones

Go to solution
dogatemycomputer
Level 1
Level 1

‎12-14-2013 01:55 AM - edited ‎03-21-2019 07:58 AM

Greetings,

We are an ITSP who offers customers free or reduced cost phones with contract.   We move about 4000 phones/year and we are on target to move approximately 6000 phones during 2014.  

The phones must be securely locked to protect against tampering and theft.  Honestly we find Cisco's support to be so poor we have opted for better quality products such as Grandstream and Polycom that include this service and support out of the box.

Since we need a Cisco signed certificiate to accomplish secure provisioning we decided to RTFM.   This manual says to send our CSR to certadmin@cisco.com but the bounce back message has determined this to be a lie.  

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/csbpipp/ip_phones/administration/guide/spa500_admin.pdf

Do not be concerned.   We are not heartbroken over your rejection.  In fact it was refreshing to know Cisco's poor product quality and abysmal documentation is worth exactly what you pay your investors: $0.06 every quarter.  In fact we are still trying to understand how you managed to sell Linksys to Belkin. In any case if you would like some help propping up your stock price then we are interested in offering your SPA series phones to our customers.  Of course judging by the poor quality of the support so far..  we doubt that is going to happen. 

Please feel free to surprise us.   We would like a valid, working Cisco email address or phone number that routes to a live, breathing human being who can get us the certificate we require.  Please keep in mind we are here to sell your products.  We are not interested in paying Cisco for a "service contract", spending days in your massive IVR system or trudge through the depths of h*ll so we may kneel and worship before the all-mighty Cisco.   We understand, for the moment, you are a large, multi-national corporation who couldn't care less about our company.  Of course all giants fall when they stop caring about their customers.  Just ask RIM how that worked out for them. 

Thank you and have a good day.

Labels:
0 Helpful
15 Replies 15

Go to solution
Dan Lukes
VIP Alumni
VIP Alumni
In response to ws

‎05-17-2019 10:08 AM

SPA refuses to fetch config from our https provisioning server

You need no Cisco certificate, but you still need certificate issued by authority you trust. You provisioning server have a certificate already - and I assume it has been issued by authority you considered trusted. Just import certificate of such CA into phone (CA Settings -> Custom CA RULE), it become trusted and SPA will refuse to connect to provisioning server no more. Import of certificate is one-time step - it need not to be repeated until reset to factory default.

 

official signed cert

Root authority is either trusted or not. It's matter of SSL peer authentication. No one but you can claim authority trusted - it's the purpose of Custom CA Rule. I'm unsure what you mean claiming certificate "official". But we not to care. Feel free to use such certificate whatever "official" mean - just claim issuing authority trusted.

 

Does this help you a lot ?

 

 

 

0 Helpful
Customers Also Viewed These Support Documents