we use many VG204 and VG224 with SCCP to connect analog phones to call managers.
Without security everything works fine.
Now we want to switch to authenticated mode with the command "stcapp security mode authenticated" or "encrypted" only.
We had many problems, but we solved it to the point that VG204 and call manager can open a secure connection with each other.
To do so, we need to import the root ca of the VG204 certificates to all call manager trust stores and import the certificates of all call managers to the VG204.
We use the command
sccp ccm x.x.x.x identifier 2 priority 2 version 6.0 trustpoint xxx
to tell the VG204 which trustpoint to use for this call manager.
(By the way: We use call manager 7.1.3, but with version 7.1 in sccp we had problems with the registration)
Enrypted communication is ok, but the registration fails with the following error:
08/05/2010 13:51:29.086 CCM|StationD: (0128965) wait_register_StationRegister sent StationOutputRegisterReject(missmatch in devcie name and X509 Name in certificate|<CLID::StandAloneCluster><NID::x.x.x.x><CT::3,100,39,1.408058><IP::x.x.x.x><DEV::ANxxxxxxxxxx000><LVL::Detailed><MASK::0800>
So I need to know how to format the certificate name (subject or to be more specific the cn) for the registration to succeed.
I could not find anything about this in the documentation and we tried an name we could suggest (created more than 20 certificates with different subject names to test :-) )
I appreciate any usefull comment.