SPA502G & Obtaining new certificate with SHA-2

pawel.kolodziej
Level 1

Hi,

Please let me know whether the SPA502G phone will connect to Apache when the CSR files are signed with the SHA-2 algorithm.
Additionally, please tell me whether CSR files can be self-signed. If yes, how do I do it?


Thanks in advance,
Pawel

3 Replies

Dan Lukes
VIP Alumni

According to the SPA Certificate Authority (CA) List, the SPA5xx can take certificates issued by the Linksys CA, which uses SHA256. So I assume SHA-2 certificates (at least the SHA256 kind) are supported. But just try it; you will have a more reliable answer then.

 please tell me can be self-signed CSR files

I don't recommend using just a self-signed non-CA certificate, for many reasons. Create a self-signed CA certificate first, then create a non-CA certificate signed by it.

How? It depends on the tools you are using to do all those certificate-related tasks. Follow their documentation.

Dear Dan,

Sorry for the late answer.

I tried to use a self-signed certificate with SHA256 and I've had half success.

The VoIP phones can connect to the server. They can be unplugged and connected back, and the phone settings are OK, but after a factory reset the device is unable to download its configuration.

Please correct me if I am wrong. The SPA502G uses the MD5 algorithm; can that be the reason why the configuration is not downloaded?

Of course. The certificate needs to be trusted, i.e., it needs to be issued by a trusted CA. On a virgin device, only those CAs burned into the firmware by Cisco are recognized as trusted; thus your certificate, issued by an unknown CA, is considered untrusted and the session is cancelled. The configuration is not loaded.

Your own CA is suitable only for those devices where you have added the certificate of the CA you are using.

If you wish for zero-touch deployment, you need a certificate issued by Cisco; it will then be recognized as trusted even by a virgin device. Certificates are issued by Cisco for free. Unfortunately, I don't know the correct sequence of steps to request them. Ask Cisco SMB support for help. Sorry, I'm not fully familiar with those details, as I'm using another channel to request Cisco certificates.
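
The approach suggested in the replies above (a self-signed CA certificate first, then a non-CA certificate signed by it, both with SHA-256), written for the OpenSSL command line as an added example that is not part of the original thread. The CA name, the host name and the `factory_store` directory are constructed placeholders; the last two checks show a store that lacks your CA rejecting the same certificate that a store containing it accepts.

```shell
#!/bin/sh
# Added example. CA name and host name are constructed placeholders.
make_chain() {  # $1 = output directory
    d=$1
    mkdir -p "$d/factory_store"   # stand-in trust store that lacks our CA
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Provisioning CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:prov.example.test\n' \
        > "$d/srv.ext"
    # 1. Self-signed CA certificate, signed with SHA-256.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$d/ca.cnf" -keyout "$d/ca.key" -out "$d/ca.crt" \
        2>/dev/null || return 1
    # 2. Server key and CSR (the CSR is a request, not yet a certificate).
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$d/ca.cnf" \
        -subj "/CN=prov.example.test" -keyout "$d/srv.key" \
        -out "$d/srv.csr" 2>/dev/null || return 1
    # 3. Non-CA server certificate issued by the CA, again with SHA-256.
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$d/srv.ext" \
        -out "$d/srv.crt" 2>/dev/null
}

# Print the signature algorithm recorded in a certificate.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# $1 = certificate; remaining arguments select the trust store.
verifies() {
    cert=$1; shift
    openssl verify "$@" "$cert" 2>/dev/null | grep -q ': OK$'
}

dir=$(mktemp -d)
make_chain "$dir" || exit 1
echo "server cert signature: $(sig_alg "$dir/srv.crt")"
verifies "$dir/srv.crt" -CAfile "$dir/ca.crt" && echo "CA installed: trusted"
verifies "$dir/srv.crt" -CApath "$dir/factory_store" || echo "CA missing: untrusted"
```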