HTTPS is enabled on the server with a valid certificate. I’m able to pull up the HTTPS URL in my browser so I know HTTPS is enabled and working correctly (e.g., something like https://192.168.1.100:1443/spa303.cfg).
If there is no native support for https in the template, that is what the ‘custom’ provisioning server is for. You can specify the full URL there using https. I recall some Cisco models won’t allow apache creds in the provisioning URL string, so watch for that when testing.
@lgaetz I’m trying to avoid using a custom URL. I’m going to have dozens of templates and would need to manually modify each of them if/when the URL changes (for example, a username/password change) if I went with a custom URL.
You are right on the creds in the URL. It uses an odd format that looks something like this: [--uid someusername --pwd somepassword] http://192.168.1.100:84/spa$MA.xml
Is there any point to this? From what I can see these phones don’t appear on any of Cisco’s TLS 1.2 support list and these phones are dead by June 1st this year. Not just End of Sale, full End of Life as in not even getting software updates after Just 1st (usually that last another year).
Everyone is turning down anything less than TLS 1.2 this year. There is going to be a point where these old devices won’t work with TLS anymore because systems won’t support the versions of TLS they need. And if someone is enabling older versions of TLS with known exploits because they don’t want to buy a new phone, they are just as secure as not having TLS.