Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco CP-8961 MIC certificates

Hi Everybody,

we want to configure 802.1X eap-tls authentication on our CP-8961 phones. Following the steps in this documentation

I was able to configure EAP-TLS for our phones. Unfortunatelly according to ACS logs both MIC and LSC rules do not match. The authentication matches the default rule (permit access), but the TLS handshake succeeded every time. Since Im not SSL/TLS guru I assume the phone has a certificate.

To view the certificate installed on the phone I followed this instruction In the first step you trigger the "troubleshoot" from our cucm. Unfortunatelly it does not genereate enything under /cm/trace/capf/sdi

So now my question is what certificate does my 8961 uses for EAP-TLS (MIC and LSC rules do not match, troubleshoot does not generate anything) and how can I view the certificate without capturing the traffic with tcpdump/wireshark.

Thanks in advance

New Member

Cisco CP-8961 MIC certificates

Could solve my problem.

Since I did not choose right Device Security Profile option on CUCM under phone configuration, the "troubleshoot" option under CAPF did not generate any output under /cm/trace/capf/sdi.

After creating right security profile for my CP-8961 deskphone, "troubleshoot" succeeded.

Reviewing generated MIC certificate I noticed that OU is not EVVBU like described here but is VTG.

After changing OU from evvbu to VTG on my ACS the rule matches.

CreatePlease to create content