05-20-2022 05:47 AM - edited 05-21-2022 03:40 AM
Hi!
I recently updated certificates in CUCM 12.5 as they were about to expire.
We now have the issue where phones (7821 and 8845) are unable to register when Security mode: Encrypted.
Some facts:
CUCM version 12.5
LSC installed on phones
Secure SIP profile on phones
In the call manager trust store, the new CAPF exists.
Certificates were signed by a third party and templates were created according to cisco guides.
By using MIC phones are able to register with secure mode.
The phones get the newly generated CAPF certifiate, it is seen on the phone that the old is gone and new is in.
The phones are only able to register with CUCM if the have a non-secure phone profile (with MIC certificates they are able to register)
This leads me to believe that there is some sort of certifiacte issue with callmanager not trusting the CAPF signed certificates?
Network side should not be an issue as secure mode is possible with MIC certificates.