Solved

Cisco IP Phone shows Certificate Expired and does not register

Posted on 2013-06-24
6
1,106 Views
Last Modified: 2013-07-14
Hello everyone!

We are using Cisco Call Manager 6.1, some phones got unregistered, when I look in debug messages in IP Phone web page, I can see this error

ERR 04:27:43.532340 SECD: EROR:clpState: SSL3 alert read:fatal:certificate expired:<192.168.16.6>
ERR 04:27:43.533242 SECD: EROR:clpState: SSL_connect:failed in SSLv3 read finished A:<192.168.16.6>
ERR 04:27:43.533511 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <192.168.16.6> c:7 s:8
ERR 04:27:43.533717 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <192.168.16.6> c:7 s:8
ERR 04:27:43.533917 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <192.168.16.6> c:7 s:8
ERR 04:27:43.534106 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<192.168.16.6>
ERR 04:27:43.534321 SECD: EROR:clpSndStatus: ** SEC-ERR: code:5(SSL_ALERT) subcode:45(EXPIRED_CERT)
ERR 04:27:43.534514 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <certificate expired>


Need to mention that we were using MIC certificates for TLS, if I install LSC certificate on those unregistered phones, they register succesfully

Why do I get those error messages?

Thank you!
0
Comment
Question by:fgasimzade
  • 2
6 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 39304985
You need to have a local CA configured that will issue/renew certificates.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/8_6_1/secugd/secucapf.html#wp1120152
You might be missing the automated portion configuration. When manually issuing the certificates, the phones will function without an issue for the length of the issued cert.
0
 
LVL 18

Accepted Solution

by:
fgasimzade earned 0 total points
ID: 39309917
Solved by installing LSC certificates to the affected phones
0
 
LVL 18

Author Closing Comment

by:fgasimzade
ID: 39324369
Solved by installing LSC certificates to the affected phones
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Whether you believe the “gig economy,” as it has been dubbed, is the next big economic paradigm shift (https://www.theguardian.com/commentisfree/2015/jul/26/will-we-get-by-gig-economy) or an overstated trend (http://www.wsj.com/articles/proof-of-a-g…
Digital marketing agencies have encountered both the opportunities and difficulties that emerge from working with a wide-ranging organizations.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question