ENCRYPTION using CISCO Meeting Server and CISCO EP's

Chet Cronin · ‎03-27-2023

Need to set Encryption "ON" vice Best effort on my endpoints. All EPs are on ce10.X and RoomOS ce11.1
I have CMS version 3.3.3.
All Endpoints and CMS are registered to Exp Core running x14.0.8. All EP's are running H.323 at the moment.

When I turn on encryption and make a call it fails ?
Not sure what the issue is. I looked at the CMS log and it appears to connect but on the endpoint the error is
"Unable to establish an encrypted connection"

Chet Cronin

Jonathan Schulenberg · ‎03-28-2023

Does a call between H.323 endpoints through Expresway succeed when encryption is forced on? If yes, does registering an endpoint via SIP instead of H.323 allow it to call CMS with encryption forced on?

Chet Cronin · ‎03-28-2023

I'll check and get back to you.

Thanks..

Chet Cronin

Chet Cronin · ‎03-28-2023

I tried it between endpoints and still see it try to connect but getting Unable to establish an encrypted connection.

?

Chet Cronin

Jonathan Schulenberg · ‎03-28-2023

You'll need to pull logs from the endpoints and Expressway to figure out what's going on here. H.323 is ancient but I believe encryption requires H.235 capabilities negotiation to work.

If I were in your shoes, I'd try registering two endpoints with SIP instead to see if the issue resolves. That would also greatly reduce, if not eliminate, the need for interworking on Expressway for the calls to/from CMS. If it works, use it as an opportunity to retire some technical debt and move away from H.323.

PS- Including your phone number on the public forums is a great way to get more spam calls.

Chet Cronin · ‎03-28-2023

Thank you for the update. Yes totally agree, we need to sunset the H.323 and move to SIP. That is the plan.

Chet Cronin