Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Secure SRST TLS Socket error

i have setup Secure SRST in a 2821 router. All configs look good so far. Except, when I update the SRST reference to Secure SRST, CM tries to update the certificate, I get an error in CM saying, TLS Socket error while trying to retrieve the certifate.

Debug credentials on the router shows the following.

CRYPTO_PKI: Can not select private key (BR1.)

Sep 12 17:29:30.843: CRYPTO_OPSSL: Can't find router private key


Re: Secure SRST TLS Socket error


I need a stick to beat myself!

I created the CA server and setup the router as a trustpoint. Even authenticated the trustpoint to the CA server. But forgot to enroll the router to the CA server in order to get the certificate. Did that and Callmanager is able to download the certificate now.

R.T.F.M twice

New Member

Re: Secure SRST TLS Socket error

Hey Sankar,

maybe you can give me a little help. I try to configure secure SRST, but can?t find any IOS for 2811 capable for that feature. I tried "advanced enterprise services 12.4.11T - it is also missing the "credentials" command in global config...

Is there something very basic I?m doing wrong?

Thank you in advance.

Kind Regards,


Re: Secure SRST TLS Socket error


Did you already setup the Pki server, enroll the router to the Pki server ?


New Member

Re: Secure SRST TLS Socket error

Yes, I had set up the CA-Server in IOS and also enrolled the router itself to that CA. The problem was, I had no credentials-server, so CCM could not connect to port 2445 and catch the certificate. Wrong IOS! (If you don?t need that stick for you any longer, maybe you can send it over to me...)

I now found an IOS with that feature in it. But still the phones say TLS error when trying to register at secure SRST. How can I find out, what type of phone needs what .0-file from CCM. I pasted three of them to trustpoints. Do I need them all?

Kind Regards and thank you for your help so far!


New Member

Re: Secure SRST TLS Socket error

Okay, it?s working now.

I see, I do not need all of them - just the right ones ;-)