
CUCM - Utils capf cert import fails with parse error

admin.dsi
Level 1

Hi,

I'm working on CUCM, and I'm not a phone system administrator. I mean I'm not experienced in this solution.

I'm trying to secure phones on the network with 802.1x auth. For that, I'm asked to upload Windows CA certificates to Cisco IP Phones. And I can't make it work :/

Let me explain.

I have a CUCM (Publisher?), the main one. And I have a second CUCM (Subscriber?), which is a backup, and on which phones register.

 

I have followed a Cisco guide here: https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/118779-configure-cucm-00.pdf

 

I have uploaded my Windows CA chain as CallManager-trust purpose (Root > Intermediate > Device CA).

I've set the "Offline CA" parameter and restarted the CAPF service.

 

My phone is configured to Install/Upgrade CAPF and is now in "Operation Pending".

 

I am able to generate a CSR

utils capf csr count

Count CSR/Certificate files. Valid CSR : 1 Invalid CSR : 0 Certificates: 0

I'm able to issue a certificate for this CSR in CER format, before renaming to DER format. (2048-bit key)

The file is compressed with Linux into TGZ format.

 

Then I'm trying to upload the certificate to CUCM, but it fails.

 

utils capf cert import

Importing files.

Source:

 1) Remote Filesystem via FTP
 2) Remote Filesystem via TFTP
 q) quit

Please select an option (1 - 2 or "q" ): 1
File Path: mycertificate.tgz
Server: xxx.xxx.xxx.xxx
User Name: johndoe
Pwd: ************
Certificate file imported successfully
Certificate files extracted successfully.
Please wait. Processing 1 files
Parsing for certificate mycertificate.der failed.

As you can see, my certificate does not work, and I don't know why.

How can I troubleshoot this? Please help me with detailed steps, as I'm not comfortable with all the CUCM environment/commands/tools.

 

Thank you.

 

Edit:

Following guides, I've been able to get the log files. I have reproduced the import, with failure, and here are the logs. That looks like something is missing. Not telling me anything helpful :(

 

file get activelog cm/trace/capf/sdi/capf*.txt
....

13:58:50.453 | debug ERROR:Inside sigusr1 catcher
13:58:50.453 | debug ERROR:Read certificates and post messages
13:58:50.454 | readSignedCert Certificates in the directory are:
1 Accepted Solution


admin.dsi
Level 1

Ok.

Issue fixed after reissuing another certificate. I think it was an export format mistake.
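
An added example, not part of the original posts and not Cisco code: one way to check, before running the import, whether the file packed in the .tgz is really binary DER or a Base64 (PEM) export that was only renamed to .der. It assumes the import expects binary DER, as the file name in the post suggests; the function names and the sample bytes are constructed for illustration.

```python
import base64
import io
import tarfile

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PEM_FOOTER = b"-----END CERTIFICATE-----"

def is_single_der_sequence(data: bytes) -> bool:
    """Structural check only: one DER SEQUENCE whose length field spans the whole file."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                      # short-form length
        header, body = 2, data[1]
    else:                                   # long-form length: next n bytes hold the size
        n = data[1] & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + body == len(data)

def classify(data: bytes) -> str:
    """Return 'der', 'pem' (Base64 text export) or 'unknown', regardless of file extension."""
    if is_single_der_sequence(data):
        return "der"
    return "pem" if PEM_HEADER in data and PEM_FOOTER in data else "unknown"

def pem_to_der(data: bytes) -> bytes:
    """Decode the Base64 body between the PEM markers into binary DER."""
    start = data.index(PEM_HEADER) + len(PEM_HEADER)
    body = data[start:data.index(PEM_FOOTER, start)]
    return base64.b64decode(b"".join(body.split()))

def check_archive(tgz: bytes) -> dict:
    """Map every regular file inside a .tgz to its detected encoding."""
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tar:
        return {m.name: classify(tar.extractfile(m).read()) for m in tar.getmembers() if m.isfile()}

def make_tgz(name: str, payload: bytes) -> bytes:  # demo helper: one-file .tgz in memory
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name)
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

# Constructed sample: a DER-shaped blob (not a real certificate) and its Base64 form.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = PEM_HEADER + b"\n" + base64.encodebytes(SAMPLE_DER) + PEM_FOOTER + b"\n"
if __name__ == "__main__":
    print(check_archive(make_tgz("mycertificate.der", SAMPLE_PEM)))
```

A result of `pem` for a file named `.der` means the rename did not change the encoding; `pem_to_der` produces the binary form to repack.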
