Provisioning in v81 and encryption - Printable Version +- Yealink Forums (http://forum.yealink.com/forum) +-- Forum: IP Phone Series (/forumdisplay.php?fid=4) +--- Forum: Auto Provisioning (/forumdisplay.php?fid=14) +--- Thread: Provisioning in v81 and encryption (/showthread.php?tid=41014) |
Provisioning in v81 and encryption - Dalton - 07-25-2017 01:58 PM Hi There I have encrypted the common CFG file and the MAC CFG file, however, the phone (T23G - v44.81.0.15) that I am testing with does not decrypt the phones. The latest document states that we are to set the parameter to "static.auto_provision.aes_key_in_file = 1". If I do this in the common file and then encrypt the common file, it doesn't know to set this parameter. So if I only encrypt rhe MAC CFG file and don't encrypt the common file, then it works. I need to encrypt both the common and CFG files, how can I get the phone to decrypt the files if the parameter that tells it to look for the encrypted files is encrypted in and of itself? P.S: I tried using the boot file to look for a file called "enc.cfg" that contains "static.auto_provision.aes_key_in_file = 1", but then the phone doesn't proceed to look for its common CFG and MAC CFG file. How can I also get the boot file to contain a variable to tell the phone to look for its own MAC Oriented file and Common file? Then I can share this common boot file across all endpoints telling it to look for the encrypted configuration files. Regards Dalton RE: Provisioning in v81 and encryption - eagle21221 - 11-09-2017 03:20 PM The way i found out is a pain and alot of work. you need to set a boot file for each phone. IE the phone's "macaddress.boot" Then inside the "macaddress.boot" have: ######################## #!version:1.0.0.1 ## The header above must appear as-is in the first line include:config <encrypt.cfg> #<- not encrypted include:config "y0000000000xx.cfg" #<- encrypted include:config "macaddress.cfg" #<- encrypted overwrite_mode = 1 ######################## Inside encrypt.cfg ######################## #!version:1.0.0.1 static.auto_provision.aes_key_in_file = 1 #it seems to lose its provisioning settings after the first time you run it. static.auto_provision.server.url = static.auto_provision.server.username = static.auto_provision.server.password = ######################## Then put the files in the root folder of the provision server url. encrypt.cfg #<- not encrypted y0000000000xx.cfg #<- encrypted macaddress.cfg #<- encrypted its a pain and you need to run it twice, first time it goes through and sets decrypt by file, and the second time it auto provisions it decrypts the files. another easier way is just use a site AES key and when your setting up the auto provision server on the phone you just input the site AES key for both common and mac. Better than going through and setting up a boot for each phone. |