Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
247
Views
0
Helpful
0
Replies

Issue while new certificate provisioning

Kulasekararaja Kamaraj
Level 1
Level 1

‎07-08-2013 07:36 AM - edited ‎03-16-2019 06:16 PM

Hello All,

Recently we had a CUCM upgrade to 8.5.1.16102-1 and some of the 7911 phones were not coming up for the registration so we did the following thigs manually.

1. Device security profile: Cisco 7911 SCCP Producation Profile.

2. Certificate Operation: Install / Upgrade

3. Authendication Mode: By existing certificate (Precedence to LSC)

But the phones were not coming up.

I have the logs for you below which i captured from the phone.

NOT 03:14:19.921792 SECD: clpSetupSsl: SCCP(ENCR) SSL/TLS req <19.170.24.32, TOS 96> NOT 03:14:19.923322 SECD: clpSetupSsl: SCCP, TLSv1, cert LSC, cipher [AES256-SHA:AES128-SHA] NOT 03:14:19.924284 SECD: clpSetupSsl: binding to lport NOT 03:14:19.924934 SECD: clpSetupSsl: binding to , <(null)>:<0> NOT 03:14:19.925644 SECD: clpSetupSsl: Trying to connect to IPV4, IP: 19.170.24.32, Port : 2443 NOT 03:14:19.926525 SECD: clpSetupSsl: TCP connect() waiting, <19.170.24.32> c:7 s:8 port: 2443 NOT 03:14:19.927567 SECD: clpSetupSsl: TCP connected, <19.170.24.32> c:7 s:8 NOT 03:14:19.928299 SECD: clpSetupSsl: start SSL/TLS handshake, <19.170.24.32> c:7 s:8 NOT 03:14:19.936614 SECD: srvr_cert_vfy: Server Certificate Validation needs to be done NOT 03:14:19.938208 SECD: sccp_cert_vfy: UCM cert is in CTL, <19.170.24.32> NOT 03:14:19.939756 SECD: sccp_cert_vfy: UCM cert hash verified, <19.170.24.32> ERR 03:14:20.324020 SECD: EROR:clpState: SSL3 alert read:fatal:certificate expired:<19.170.24.32> ERR 03:14:20.325007 SECD: EROR:clpState: SSL_connect:failed in SSLv3 read finished A:<19.170.24.32> ERR 03:14:20.325883 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <19.170.24.32> c:7 s:8 ERR 03:14:20.326725 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <19.170.24.32> c:7 s:8 ERR 03:14:20.327865 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <19.170.24.32> c:7 s:8 ERR 03:14:20.328740 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<19.170.24.32> ERR 03:14:20.329573 SECD: EROR:clpSndStatus: ** SEC-ERR: code:5(SSL_ALERT) subcode:45(EXPIRED_CERT) ERR 03:14:20.331019 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <certificate expired> NOT 03:14:20.367567 SECD: clpDelClnt: closing conn to <19.170.24.32>, c:7, s:8 NOT 03:14:20.369386 SECD: clpDelClnt: Closing the local socket now

I am not sure what exactly the issue is. Looking forward your good solution.

Thanks.

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents