This document was generated from CDN thread
Created by: Graham Schofield on 17-08-2012 10:55:26 AM
Hello,
I am trying to configure a TLS connection to a SIP trunk for secure recording. I have generated a test certificate and uploaded it to the CUCM and added its subject name to a SIP Trunk Security Profile and assigned that profile to the SIP Trunk I am using, setting the SRTP Allowed and "When using both sRTP and TLS" for the secure traffic option. When I try to record a call the CUCM sends me an INVITE over a TLS connection (looking at Wireshark) but then after the 200 OK etc. it sends a BYE straight away.
Looking at the logs using RTMT I can see:
SIPHandler(1,100,71,1) |SIPTcp(1,100,63,1) |1,100,17,70.3^*^* |[T:N-H:0,N:0,L:0,V:0,Z:0,D:0] connIdx= 74 --remoteIP=192.0.0.57 --remotePort = 5061 --X509SubjectName /CN=My Recording/ST=Someplace/C=UK/O=My Recorders Ltd --Cipher AES128-SHA --SubjectAltname =
then:
TLS InvalidX509NameInCertificate Error (reason 2), Rcvd=Red, Expected=O=My Recorders Ltd,C=UK,ST=Someplace,CN=My Recording
then the CUCM rejects the call as the TLS connection is unsecure.
The subject name is the same as the subject name in the CUCM Security->Certificates list
When I extract the subject name from the certificate in OpenSSL I get:
Subject: CN=My Recording, ST=Someplace, C=UK, O=My Recorders Ltd
I don't understand why the certificate name is being displayed differently at different places in the logs. Why does the CUCM not like the subject name of the certificate when all parties are using the same self-signed test certificate?
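
The three renderings of the subject name quoted in the post can be compared mechanically once separators are ignored. This is an added example, not part of the original post and not Cisco or OpenSSL code; `parse_dn` and `relation` are hypothetical helper names, and the parser assumes attribute values contain no unescaped `/` or `,`.

```python
import re

def parse_dn(text):
    """Split a printed DN into (attribute, value) pairs, in the order written."""
    text = text.strip()
    if text.lower().startswith("subject:"):      # prefix printed by openssl
        text = text.split(":", 1)[1].strip()
    if text.startswith("/"):                      # slash-separated form
        parts = text[1:].split("/")
    else:                                         # comma-separated form
        parts = re.split(r"(?<!\\),", text)
    pairs = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep:
            raise ValueError(f"not an attr=value component: {part!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def relation(a, b):
    """Describe how two printed DNs relate once separators are ignored."""
    pa, pb = parse_dn(a), parse_dn(b)
    if pa == pb:
        return "same order"
    if pa == pb[::-1]:
        return "reversed order"
    if sorted(pa) == sorted(pb):
        return "same attributes, other order"
    return "different"

# Strings copied from the post above.
CONN_LOG = "/CN=My Recording/ST=Someplace/C=UK/O=My Recorders Ltd"
EXPECTED = "O=My Recorders Ltd,C=UK,ST=Someplace,CN=My Recording"
OPENSSL = "Subject: CN=My Recording, ST=Someplace, C=UK, O=My Recorders Ltd"

if __name__ == "__main__":
    print("connection log vs openssl :", relation(CONN_LOG, OPENSSL))
    print("connection log vs expected:", relation(CONN_LOG, EXPECTED))
    try:
        parse_dn("Red")  # the Rcvd= value from the error line
    except ValueError as exc:
        print("Rcvd value:", exc)
```

The connection log and the OpenSSL output list the attributes in the same order, the "Expected" string lists the same attributes in reverse, and the "Rcvd" value is not an attribute=value string at all.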