Hello All,
Recently we had a CUCM upgrade to 8.5.1.16102-1 and some of the 7911 phones were not coming up for the registration so we did the following thigs manually.
1. Device security profile: Cisco 7911 SCCP Producation Profile.
2. Certificate Operation: Install / Upgrade
3. Authendication Mode: By existing certificate (Precedence to LSC)
But the phones were not coming up.
I have the logs for you below which i captured from the phone.
NOT 03:14:19.921792 SECD: clpSetupSsl: SCCP(ENCR) SSL/TLS req <19.170.24.32, TOS 96> NOT 03:14:19.923322 SECD: clpSetupSsl: SCCP, TLSv1, cert LSC, cipher [AES256-SHA:AES128-SHA] NOT 03:14:19.924284 SECD: clpSetupSsl: binding to lport NOT 03:14:19.924934 SECD: clpSetupSsl: binding to , <(null)>:<0> NOT 03:14:19.925644 SECD: clpSetupSsl: Trying to connect to IPV4, IP: 19.170.24.32, Port : 2443 NOT 03:14:19.926525 SECD: clpSetupSsl: TCP connect() waiting, <19.170.24.32> c:7 s:8 port: 2443 NOT 03:14:19.927567 SECD: clpSetupSsl: TCP connected, <19.170.24.32> c:7 s:8 NOT 03:14:19.928299 SECD: clpSetupSsl: start SSL/TLS handshake, <19.170.24.32> c:7 s:8 NOT 03:14:19.936614 SECD: srvr_cert_vfy: Server Certificate Validation needs to be done NOT 03:14:19.938208 SECD: sccp_cert_vfy: UCM cert is in CTL, <19.170.24.32> NOT 03:14:19.939756 SECD: sccp_cert_vfy: UCM cert hash verified, <19.170.24.32> ERR 03:14:20.324020 SECD: EROR:clpState: SSL3 alert read:fatal:certificate expired:<19.170.24.32> ERR 03:14:20.325007 SECD: EROR:clpState: SSL_connect:failed in SSLv3 read finished A:<19.170.24.32> ERR 03:14:20.325883 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <19.170.24.32> c:7 s:8 ERR 03:14:20.326725 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <19.170.24.32> c:7 s:8 ERR 03:14:20.327865 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <19.170.24.32> c:7 s:8 ERR 03:14:20.328740 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<19.170.24.32> ERR 03:14:20.329573 SECD: EROR:clpSndStatus: ** SEC-ERR: code:5(SSL_ALERT) subcode:45(EXPIRED_CERT) ERR 03:14:20.331019 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <certificate expired> NOT 03:14:20.367567 SECD: clpDelClnt: closing conn to <19.170.24.32>, c:7, s:8 NOT 03:14:20.369386 SECD: clpDelClnt: Closing the local socket now
I am not sure what exactly the issue is. Looking forward your good solution.
Thanks.