3. The device is now switched to encryption mode, and it downloads the encrypted version of the standard
configuration file again by changing the file extension to ".enc".
SIP Phone
Download the initial
configuration file
Download the encrypted
device configuration file
Provisioning Server
HTTP GET x.x.x.x/Config{MAC}.cfg
HTTP GET x.x.x.x/{MODEL}.cfg
Key obtained
Download the device
configuration file
HTTP GET x.x.x.x/Config{MAC}.enc
Encrypted file
Note
•When more than one device configuration file is being used, the device downloads the encrypted
version of all the device configuration files.
2.6.2 Using HTTPS When Transferring Configuration FilesHTTPS can be used to secure provisioning connections. This method uses TLS to establish a secure
connection, which involves client/server authentication using an x.509 certificate.
Note
•The following certificates and keys are installed on the unit:
–Client certificate and private key
–Root CA certificate
•Supported certificate format: ".pem"
Root certificate updating
Root certificates can be loaded or updated via provisioning by specifying the certificates’ URL in the initial
configuration file. The device checks if the root certificate URL has changed and then downloads the root
certificate sequentially.
Document Version 2014-05 Administrator Guide 49
2.6.2 Using HTTPS When Transferring Configuration Files