Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
715
Views
0
Helpful
0
Replies

Cisco VPN Phone Certificate Issues

AFlack20
Level 1
Level 1

‎01-20-2021 04:28 PM

 

I'm getting the following log messages on my ASA when my 7965 IP phone tries to establish the VPN from the outside.

2021-01-19 12:25:44 Local4.Error 192.168.244.5 Jan 19 2021 12:25:45: %ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: 539F5D2900000020EF2E, subject name: cn=CP-7965G-SEPFCFBFB1058FA,ou=EVVBU,o=Cisco Systems Inc..

2021-01-19 12:25:44 Local4.Error 192.168.244.5 Jan 19 2021 12:25:45: %ASA-3-717027: Certificate chain failed validation. Certificate chain date is out-of-range.

I don't know what cert the phone is presenting to the ASA, nor do i know what debugs I could use to find any additional info on said cert. Any suggestions would be welcome.

I have the CAPF,  Cisco_Manufacturing_CA, and CallManager certs all installed on the ASA, as can be seen screen grabs here. And before anyone asks, yes all these certs are valid and haven't expired, just trying to limit the amount of information that I would need to redact.

capf.PNG

Manufac_ca.PNGcallman.PNG

Also have the SSL cert that the ASA is using on the outside interface installed on the Call manager as can be seen in this screen grab.

phone-vpn.PNG

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents