Setting up secure provisioning

Some handsets support authenticating using a client certificate offering a more secure way of provisioning.

  1. Go to system > global, open the network > advanced section and set ‘Host name for provisioning URL’.

Global Settings Advanced

  1. Follow the installing a certificate guide. Note: A multi domain certificate is required.
  2. Add DNS entries for both the unit and provisioning host name’s.
  3. Where required, add firewall rules to allow provisioning and secure voice. (Provisioning: 443 TCP, Secure SIP: 5061 TCP, Secure RTP: 10000-20000 UDP)
  4. Go to system > global, open the handsets > secure provision section and check the appropriate options.

Global Settings Handsets

  1. When a handset attempts to provision for the first time it’ll be placed in a demoted list. Go to system > phones and click on the ‘Promote/Demote device’ to promote the phone.

Physical Phone Maintenance

  1. When promoting the handset a target company can be specified. Phones can be pre-promoted/authorised by manually adding the handset onto the system with the correct MAC address, make and model.

Provisioning Management