When using TLS as the DefaultTransport for SIP configuration, the endpoint is forced to use certificates for authentication.
In this case, it seems that the endpoint is failing to obtain the ITL/CTL and LSC from CUCM, for that reason the endpoint is rejected when attempting to register to CUCM.
If CUCM is in Mixed mode (Under Enterprise Parameters), then the endpoint is definitely required to present certificates.
First, you need to make sure that the certificates are installed, in this way the provisioning portion will allow the endpoint to register. Follow the below steps.
-Delete any existing CUCM certificate. (From the SX web interface, log in as admin, and navigate to Security --> CUCM Certificate, click on "Dele CTL/ITL").
-Push the CAPF certificates to the SX codec, making sure that the Key Size is 2048 bits. (In CUCM Device Profile).
-Restart the device. (From CUCM, or otherwise from the SX web interface.)
Once this done, verify if the SX80 was able to install the CTL/ITL certificates. If it did, and the device still did not register, run the command "show ctl", and compare the certificates on the SX codec against the certificates in CUCM.
If required, open a TAC case, as the issue may need deeper troubleshooting.