CME IP Phone Security via LSC

Unanswered Question
Jan 26th, 2009

Hello,

I have the problem with a CME. The Phone doesn't initiate a TLS Session with the CAPF Server.

.Jan 26 10:13:19: TFTP: Looking for CTLSEP00235E1A3C00.tlv

.Jan 26 10:13:19: TFTP: Opened flash:/CTLFile.tlv, fd 7, size 3632 for process 325

.Jan 26 10:13:19: TFTP: Finished flash:/CTLFile.tlv, time 00:00:00 for process 325

.Jan 26 10:13:19: TFTP: Looking for SEP00235E1A3C00.cnf.xml.sgn

.Jan 26 10:13:19: TFTP: Opened flash:/its/SEP00235E1A3C00.cnf.xml.sgn, fd 7, size 1675 for process 325

.Jan 26 10:13:19: TFTP: Finished flash:/its/SEP00235E1A3C00.cnf.xml.sgn, time 00:00:00 for process 325

.Jan 26 10:13:28: TFTP: Looking for SCCP42.8-4-2S.loads

.Jan 26 10:13:34: TFTP: Opened flash:phone/7942-7962/cnu42.8-4-1-23.sbn, fd 7, size 485066 for process 325

.Jan 26 10:13:35: TFTP: Finished flash:phone/7942-7962/cnu42.8-4-1-23.sbn, time 00:00:01 for process 325

.Jan 26 10:13:39: TFTP: Looking for apps42.8-4-1-23.sbn

.Jan 26 10:13:39: TFTP: Opened flash:phone/7942-7962/apps42.8-4-1-23.sbn, fd 7, size 2918613 for process 325

.Jan 26 10:13:45: TFTP: Finished flash:phone/7942-7962/apps42.8-4-1-23.sbn, time 00:00:06 for process 325

.Jan 26 10:14:01: TFTP: Looking for dsp42.8-4-1-23.sbn

.Jan 26 10:14:01: TFTP: Opened flash:phone/7942-7962/dsp42.8-4-1-23.sbn, fd 7, size 335003 for process 325

.Jan 26 10:14:01: TFTP: Finished flash:phone/7942-7962/dsp42.8-4-1-23.sbn, time 00:00:00 for process 325

.Jan 26 10:14:04: TFTP: Looking for cvm42sccp.8-4-1-23.sbn

.Jan 26 10:14:04: TFTP: Opened flash:phone/7942-7962/cvm42sccp.8-4-1-23.sbn, fd 7, size 2659498 for process 325

.Jan 26 10:14:09: TFTP: Finished flash:phone/7942-7962/cvm42sccp.8-4-1-23.sbn, time 00:00:05 for process 325

.Jan 26 10:14:54: TFTP: Looking for CTLSEP00235E1A3C00.tlv

.Jan 26 10:14:54: TFTP: Opened flash:/CTLFile.tlv, fd 7, size 3632 for process 325

.Jan 26 10:14:54: TFTP: Finished flash:/CTLFile.tlv, time 00:00:00 for process 325

.Jan 26 10:14:54: TFTP: Looking for SEP00235E1A3C00.cnf.xml.sgn

.Jan 26 10:14:54: TFTP: Opened flash:/its/SEP00235E1A3C00.cnf.xml.sgn, fd 7, size 1675 for process 325

.Jan 26 10:14:54: TFTP: Finished flash:/its/SEP00235E1A3C00.cnf.xml.sgn, time 00:00:00 for process 325

.Jan 26 10:14:57: TFTP: Looking for German_Germany/mk-sccp.jar.sgn

.Jan 26 10:14:57: TFTP: Looking for Germany/g3-tones.xml.sgn

.Jan 26 10:14:57: New Skinny socket accepted [2] (5 active)

.Jan 26 10:14:57: sin_family 2, sin_port 37830, in_addr 10.0.134.70

.Jan 26 10:14:57: add_skinny_secure_socket: pid =325, new_sock=0, ip address = 10.0.134.70

.Jan 26 10:14:57: skinny_secure_handshake: pid =325, sock=0, args->pid=325, ip address = 10.0.134.70

.Jan 26 10:14:57: CRYPTO_PKI: unlocked trustpoint mytrustpoint1, refcount is 0

.Jan 26 10:14:57: Start TLS Handshake 0 10.0.134.70 37830

.Jan 26 10:14:57: TLS Handshake retcode OPSSLReadWouldBlockErr

.Jan 26 10:14:58: TLS Handshake retcode OPSSLReadWouldBlockErr

.Jan 26 10:14:59: TLS Handshake retcode OPSSLReadWouldBlockErr

.Jan 26 10:15:00: TLS Handshake retcode OPSSLReadWouldBlockErr

.Jan 26 10:15:01: CRYPTO_PKI: Added x509 peer certificate - (1157) bytes

.Jan 26 10:15:01: CRYPTO_PKI: validation path has 1 certs

.Jan 26 10:15:01: CRYPTO_PKI: Unable to locate cert record by issuername

.Jan 26 10:15:01: CRYPTO_PKI: No trust point for cert issuer, looking up cert chain

.Jan 26 10:15:01: TLS Handshake error -6992

.Jan 26 10:15:01: TLS context configuration FAILED for 0 10.0.134.70 37830

Can everybody help me?

Thanks Peter

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pgcristovam Thu, 08/06/2009 - 11:11

Hi Peter

I am with same problem. did you resolve this problem?

Thanks

Peterson

FlorianCokl Sun, 09/18/2011 - 16:14

Hi Nicholas

I have the same issue, and tried what you suggested - no success 

Any other ideas?

FlorianCokl Sun, 09/18/2011 - 16:16

Hi PeterRoyMueller,

have you been able to solve the problem?! I am stuck with the same issue

Kind Regards

Florian

Vladimir Zheltukhin Fri, 02/07/2014 - 01:50

I used other versions of cme, such us 4.1, 7.1, 8.6 on 2800 series routers with phones 7940, 7941, 7945 with different firmware 8-3-3, 8-3-5, 9-2-3, 9-3-1

sent "show tech"  to your e-mail

Actions

This Discussion