Aastra 6753i HTTP Configuration Server

I realize this is an Asterisk forum, but this is the closest related thing I can find for some help.

I’ve been able to automatically provision my phones with TFTP. I understand what the phone looks for and how to provide that. There are no problems with this.

So, I tried to migrate this over to HTTP so I could see how to handle that. I tried this and watched the log files on my HTTP server and saw the phone look for aastra.cfg on my server. The only issue here is that the server responds with HTTP 301 because I’m forcing SSL. The phone does not follow the redirect and the config download fails.

Ok, next I switched the phone directly to HTTPS. The settings are otherwise identical. This time I don’t get any hits to the log files on my server. I can access the aastra.cfg file just fine from a browser and see the log file entry as expected, but when the phone tries I get nothing.

I did a tcpdump on the server to look for packets coming from the phone and I do see that the phone is sending packets to the server…but for whatever reason it’s not hitting the HTTP server.

Does anyone have any experience with setting this up? I’m stepping back from this for now but I don’t know where else to look to get more info on the problem.

I finally found a decent manual for this phone: https://www.voipsupply.com/downloads/dl/file/id/6/aastra_67xx_9143i_9480i_9480i_ct_admin_guide.pdf

Page 148 says:

If you are using HTTPS and the
certificates are not valid or are not
signed by Verisign, Thawte, or
GeoTrust, Comodo, or CyberTrust,
the phones fail to download
configuration files.

I disabled certificate validation on the phone but that didn’t really help. I think this may be the problem? We’re not using any of those CAs.