Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Issue while new certificate provisioning

Hello All,

Recently we had a CUCM upgrade to and some of the 7911 phones were not coming up for the registration so we did the following thigs manually.

1. Device security profile: Cisco 7911 SCCP Producation Profile.

2. Certificate Operation: Install / Upgrade

3. Authendication Mode: By existing certificate (Precedence to LSC)

But the phones were not coming up.

I have the logs for you below which i captured from the phone.

NOT 03:14:19.921792 SECD: clpSetupSsl: SCCP(ENCR) SSL/TLS req <, TOS 96> NOT 03:14:19.923322 SECD: clpSetupSsl: SCCP, TLSv1, cert LSC, cipher [AES256-SHA:AES128-SHA] NOT 03:14:19.924284 SECD: clpSetupSsl: binding to lport NOT 03:14:19.924934 SECD: clpSetupSsl: binding to , <(null)>:<0> NOT 03:14:19.925644 SECD: clpSetupSsl: Trying to connect to IPV4, IP:, Port : 2443 NOT 03:14:19.926525 SECD: clpSetupSsl: TCP connect() waiting, <> c:7 s:8 port: 2443 NOT 03:14:19.927567 SECD: clpSetupSsl: TCP connected, <> c:7 s:8 NOT 03:14:19.928299 SECD: clpSetupSsl: start SSL/TLS handshake, <> c:7 s:8 NOT 03:14:19.936614 SECD: srvr_cert_vfy: Server Certificate Validation needs to be done NOT 03:14:19.938208 SECD: sccp_cert_vfy: UCM cert is in CTL, <> NOT 03:14:19.939756 SECD: sccp_cert_vfy: UCM cert hash verified, <> ERR 03:14:20.324020 SECD: EROR:clpState: SSL3 alert read:fatal:certificate expired:<> ERR 03:14:20.325007 SECD: EROR:clpState: SSL_connect:failed in SSLv3 read finished A:<> ERR 03:14:20.325883 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <> c:7 s:8 ERR 03:14:20.326725 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <> c:7 s:8 ERR 03:14:20.327865 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <> c:7 s:8 ERR 03:14:20.328740 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<> ERR 03:14:20.329573 SECD: EROR:clpSndStatus: ** SEC-ERR: code:5(SSL_ALERT) subcode:45(EXPIRED_CERT) ERR 03:14:20.331019 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <certificate expired> NOT 03:14:20.367567 SECD: clpDelClnt: closing conn to <>, c:7, s:8 NOT 03:14:20.369386 SECD: clpDelClnt: Closing the local socket now

I am not sure what exactly the issue is. Looking forward your good solution.


CreatePlease to create content