[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Cisco IP Phone shows Certificate Expired and does not register

Posted on 2013-06-24
6
Medium Priority
?
1,228 Views
Last Modified: 2013-07-14
Hello everyone!

We are using Cisco Call Manager 6.1, some phones got unregistered, when I look in debug messages in IP Phone web page, I can see this error

ERR 04:27:43.532340 SECD: EROR:clpState: SSL3 alert read:fatal:certificate expired:<192.168.16.6>
ERR 04:27:43.533242 SECD: EROR:clpState: SSL_connect:failed in SSLv3 read finished A:<192.168.16.6>
ERR 04:27:43.533511 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <192.168.16.6> c:7 s:8
ERR 04:27:43.533717 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <192.168.16.6> c:7 s:8
ERR 04:27:43.533917 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <192.168.16.6> c:7 s:8
ERR 04:27:43.534106 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<192.168.16.6>
ERR 04:27:43.534321 SECD: EROR:clpSndStatus: ** SEC-ERR: code:5(SSL_ALERT) subcode:45(EXPIRED_CERT)
ERR 04:27:43.534514 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <certificate expired>


Need to mention that we were using MIC certificates for TLS, if I install LSC certificate on those unregistered phones, they register succesfully

Why do I get those error messages?

Thank you!
0
Comment
Question by:fgasimzade
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 39304985
You need to have a local CA configured that will issue/renew certificates.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/8_6_1/secugd/secucapf.html#wp1120152
You might be missing the automated portion configuration. When manually issuing the certificates, the phones will function without an issue for the length of the issued cert.
0
 
LVL 18

Accepted Solution

by:
fgasimzade earned 0 total points
ID: 39309917
Solved by installing LSC certificates to the affected phones
0
 
LVL 18

Author Closing Comment

by:fgasimzade
ID: 39324369
Solved by installing LSC certificates to the affected phones
0

Featured Post

Eye-catchers on the conference table

Challenge: The i-unit group was not satisfied with the audio quality during remote meetings. They were looking for a portable solution with excellent audio quality for use in their conference room but also at their client’s offices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
With the shift in today’s hiring climate (http://blog.experts-exchange.com/ee-blog/5-tips-on-succeeding-in-the-new-gig-economy/?cid=Blog_031816), many companies are choosing to hire freelancers to get projects completed efficiently and inexpensively…
Saved searches can save you time by quickly referencing commonly searched terms on any topic. Whether you are looking for questions you can answer or hoping to learn about a specific issue, a saved search can help you get the most out of your time o…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question