See inline On Thu, Aug 9, 2012 at 8:18 AM, Gerald Drouillard <[email protected]>wrote:
> On 8/9/2012 12:31 AM, Josh Patten wrote: > > I've updated http://track.sipfoundry.org/browse/XX-5838 with a patch > that allows HTTPS provisioning. It should be noted that this does not work > unless you have a SSL cert that is verified by one of the major cert > providers like verisign, or you manually import the self-signed CA from > sipX on each polycom phone, or in the case of Bria, each desktop machine's > trusted certificate store. > > > Thanks Josh. Just a few questions: > > In order to user HTTPS provisioning with authentication a phone will need > to be loaded with the (self-signed) Trusted CA certificate, and be > programmed with the Username and Password (PIN) for authentication. > > No, the patch I wrote simply incorporates the current default passwords. Nothing special here. With regard to certs, however, if you're using a self signed cert you will have to load it individually on every phone. If you use a cert from a well known certification authority you don't have to worry about this. > Does each phone have a unique username and unique password? > > The current TFTP and FTP access to phone profile will be maintained for > the time being. The new HTTPS docroot will use the same location as the > existing TFTP and FTP roots. > > For most of my installs, sipx is behind a firewall. Is it possible to > specify the port somewhere. Many installs have only 1 public IP address > and host their own web services many of which use port already 443. You > can still use https but on a different port. The change in an Apache > config is trivial. > That's what I did. Apache fronts everything on this install. Port 443 is used for config and provisioning. check out the apache config patch to see what I'm talking about. > > > -- > Regards > -------------------------------------- > Gerald Drouillard > Technology Architect > Drouillard & Associates, Inc.http://www.Drouillard.biz > > > _______________________________________________ > sipx-dev mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-dev/ > -- Josh Patten eZuce Solutions Architect O.978-296-1005 X2050 M.979-574-5699 http://www.ezuce.com
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
