05-20-2022 05:47 AM - edited 05-21-2022 03:40 AM
Hi!
I recently updated certificates in CUCM 12.5 as they were about to expire.
We now have the issue where phones (7821 and 8845) are unable to register when Security mode: Encrypted.
Some facts:
CUCM version 12.5
LSC installed on phones
Secure SIP profile on phones
In the call manager trust store, the new CAPF exists.
Certificates were signed by a third party and templates were created according to cisco guides.
By using MIC phones are able to register with secure mode.
The phones get the newly generated CAPF certifiate, it is seen on the phone that the old is gone and new is in.
The phones are only able to register with CUCM if the have a non-secure phone profile (with MIC certificates they are able to register)
This leads me to believe that there is some sort of certifiacte issue with callmanager not trusting the CAPF signed certificates?
Network side should not be an issue as secure mode is possible with MIC certificates.
05-22-2022 11:02 PM
Have you updated the CTL via CLI?
Do the phones have the new certs within their CTL?
Sounds to me, that the phones don't trust the new certs and that's why they aren't registering.
05-23-2022 12:54 AM
Hi!
Thanks for the reply.
Yes I updated the CTL via CLI.
CTL file with the new CAPF is visible on the phones but not registering.
The new CAPF is in the callmanagers trust store.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide