Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
SPA Certificate Authority (CA) List
Cisco SPA series phones and ATAs can use certificate-authenticated HTTPS (SSL) sessions to ensure secure provisioning. For a provisioning server to be acceptable to the SPA phone or ATA, the server must present a certificate signed by Cisco's Certificate Authority (CA).
Over the years, we have added certificate authorities (CA) as needed and for administrative reasons.
If your SPA1xx or SPA232D ATA or SPA5xx IP Phone is running current or newer firmware, 1.3.3 or 7.5.6 respectively, use the newer "Cisco 2k Small Business CA" even though you could use any of the older CAs.
A HTTPS server used for device provisioning must use a certificate signed by the appropriate CA for the device.
Informations in such documents seems to be either obsolete or invalid from scratch. Most devices accept more than one CA, so multiple HTTPS server as suggested by document may be overkill in some cases. But I will leave original ocument above, because I can't test all types and firmware versions.
See table bellow for real cross-compatibility list. It is based on real test of mentioned devices.
Note: according Verisign (now Symantec) tech support, VeriSign Class 3 Secure Server CA based certificates are no longer issued. Class 3 Public Primary Certification Authority rooted certificates are sold under product name "Secure Site" and "Secure Site Pro".