Secure endpoint provisioning requires an encrypted HTTP connection (HTTPS) between the endpoint and the server. For this, our phones come with several well-known, commonly used pre-installed certificates issued by trusted authorities such as DigiCert, VeriSign, Thawte, and others.
If a customer prefers to use their own self-signed certificate, they can do so by uploading the certificate to the phone. This is typically done in a so-called staging step, prior to the auto-provisioning of the phone.
1. Configuration File
Prepare a small configuration file that contains either a download link to the location where the self-signed certificate is stored, or the base64-encoded certificate itself, pasted in.
2. Redirect the phone to the certificate file
- Make sure you have local redirection set up in a secure environment.
- When the phone boots up, it will fetch the file, then download and store the self-signed certificate.
- On the next boot-up, it will use the self-signed certificate to authenticate the provisioning server it is redirected to.