Cisco SPA phones, modify EPM to support HTTPS as a provisioning option

I picked up a new client running an old PIAF with Cisco SPA phones on-prem. They have 200 endpoints at 4 locations so replacing all the phones isn’t on the table currently.

I’m migrating them to our cloud infra, and spinning up a new FPBX 14 instance as per our usual methodology. Using TFTP or HTTP for provisioning is no go for security reasons, so I dug into how Cisco phones work with HTTPS provisioning (they DO support that, along with Digest auth). I’ve now got the Cisco cert signing situation squared away and have defined a new apache virtual server instance to serve up the /tftpboot folder using that special cert, so as to not interfere with the stock stuff.
I’ve got a couple of these in my lab and i’ve got the Cisco phones to the point where I can now zero-touch provision them using password protected HTTPS just fine once I edit their XML files manually replacing the HTTP and HTTP Port with HTTPS and HTTPS port respectively. I just need to get EPM to spit out the configs with HTTPS in them already. The gotcha here is EPM, the Cisco brand/templates only let you pick HTTP as a provisioning method. I realize EPM won’t out of the box do HTTPS for Cisco phones because of the oddball cert issue so it makes sense it’s not there out of the box.

The only thing left for me to do before EPM is now fully functional for these Cisco phones is that EPM is missing the option of selecting HTTPS instead of HTTP for the provisioning protocol. I’m not asking for dev to make EPM handle HTTPS on these phones natively, just looking for how to tweak the DB or file(s) to let EPM display HTTPS as an option in the templates like it is for other brand phones.

I’d like to determine where in the database (or file if located there) the brand (and the HTTP/HTTPS options specifically) are stored/defined, so I can flip the switch to allow HTTPS as a choice. That’s literally all I need it to do; just spit out the configs with HTTPS and the HTTPS port instead of HTTP and the HTTP port in the endpoint config files. Everything else is exactly the same.


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.