HTTPS provisioning

What is the best way to handle secure, remote provisioning for remote workers? Most of our phones support HTTPS provisioning. I have a few clients that connect to different FreePBX boxes on different servers. I have endpoint manager, but I would like to set up one central provisioning server for all of these clients. In other words, I want everyone to go to one URL to get their configuration, and I need to do it in the most secure way possible. What is the recommended way to achieve this? Keep in mind, that I want to keep it as simple as possible for the client when they get a new phone.