CTS and Sx EndPoint - TLS to CUCM and SRTP calls

04-03-2017 04:16 AM - edited 03-18-2019 12:57 PM
Hello friends,
1) I registered CTS TP to CUCM with TLS and it looked OK (LSC, CTL files have been downloaded to the devices).
However, when I made a call, it failed with the error: "remote site is not compatible".
The config is below.
2) I want to register an SX series EP to CUCM, but I got "Failed: SSL connection rejected".
When I check, I see that none of the certificates are being downloaded to the EP.
The config is below.
04-14-2017 01:39 PM
When using TLS as the DefaultTransport for SIP configuration, the endpoint is forced to use certificates for authentication.
In this case, it seems that the endpoint is failing to obtain the ITL/CTL and LSC from CUCM; for that reason, the endpoint is rejected when attempting to register to CUCM.
If CUCM is in Mixed mode (Under Enterprise Parameters), then the endpoint is definitely required to present certificates.
First, you need to make sure that the certificates are installed; in this way, the provisioning portion will allow the endpoint to register. Follow the steps below.
- Delete any existing CUCM certificate. (From the SX web interface, log in as admin, navigate to Security --> CUCM Certificate, and click on "Delete CTL/ITL".)
- Push the CAPF certificates to the SX codec, making sure that the Key Size is 2048 bits. (In CUCM Device Profile.)
- Restart the device. (From CUCM, or otherwise from the SX web interface.)
Once this is done, verify whether the SX80 was able to install the CTL/ITL certificates. If it did, and the device still did not register, run the command "show ctl", and compare the certificates on the SX codec against the certificates in CUCM.
If required, open a TAC case, as the issue may need deeper troubleshooting.
