[SOLVED] Force https provisioning

Is there a way to force https provisioning?

We have our phones find the provisioning server by using DHCP option 66. They properly pull the initial cfg over https, but inside the cfg, all of the url’s for firmware, background images etc are http only. I manually edited the cfg to all https and the phone properly provisioned everything over https.

How do I get EPM (commercial) to write the cfg with https requests? I have tried going to system admin->Port management and disabling port 84 (http provisioning) leaving only https (port 1443).

But now in EPM when I try to rebuild the phone config I get an error:

“Selected template[‘template’] requested provisioning protocol ‘hpro’ is not enabled. Please either enalbe ‘hpro’ in System Admin module or change protocol in template.”

hpro? Not sure what that one is, nor can I find a reference to it in the System Admin module.

Not all templates support https, what phone are you using?

Yealink SIP-T48S. I’ve verified the phone itself will support all https requests by manually editing the cfg file. But obviously the template will overwrite this the next time the configs are written.

There is no native support for https on Yealink templates, so you need to set a custom provisioning address.

You can get HTTPS to work by using custom instead of selecting http/tftp and it works for newer Yealinks but the older ones it doesn’t work for, older than t28

Wish I could give a “solved” to both of you. But you’re correct, using a custom provisioning URL worked. I verified by running tcpdump on both port 84 and 1443 while provisioning a new phone and by looking at the contents of the .cfg.

Fortunately all our phones are SIP-T48S and SIP-T49G, so they both support all https.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.