Can anyone tell me if Snom handsets support encryption of their configuration files?
Understand I can provision them over HTTPS but what I'm requiring is encryption of the config file itself. I can't find any pointers to if this feature exists.
unfortunately the answer is no. encryption of configuration files isn't supported.
Using HTTPS you can secure the provisioning (data transfer is encrypted and clients are authenticated).
Please remember that snom 3xx devices contains a generic certificate (Issued by Snom), instead 7xx, 8xx, D7xx, D3xx and MXXX contains an unique certificate per phone.
Using some webserver you neither need the PHP script to check the client certificate and the request, for example with NGINX you can setup some regex expression matching the certificate CN against the HTTP request.