ā03-31-2016 04:40 PM - edited ā03-18-2019 05:45 AM
HI,
I had a DX70 and I tried to register by MRA, when I reset the network configuration and the page of configuration of service domain, user and password appears, I put my domain, user and password a error messages says: "secure connection failed, Please contact customer serviceā
.load of DX70: 10.2.5
expway E version: X8.7
Is there any Idea what itĀ“s happening???
Solved! Go to Solution.
ā04-01-2016 03:52 AM
Hi Luis,
Please see the below lines from release notes.
Mobile and Remote Access through Expressway requires Cisco Expressway 8.6 or later and Cisco Unified Communications Manager 10.5.2 SU2 or Cisco Unified Communications Manager 11.0 or later.
I suggest you have minimum version for CUCM as 10.5.2SU2 and make sure your expressway certificate signed by public CA, as phones may not work with expressway self signed certificate.
____________________________________________________________________________
To establish a TLS session, the device must authenticate an Expressway certificate signed by a public Certificate Authority trusted by the device firmware. It is not possible to install or trust other CA certificates on DX Series devices for authenticating an Expressway certificate. See the Cisco DX Series Administration Guide for the list of trusted CA certificates embedded in the devices.
____________________________________________________________________________
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/dx/series/rel-notes/1024/DX00_BK_RF53F53D_00_release-notes-dx-series-1024.pdf
For Certificate, please refer the below link.
http://www.cisco.com/c/en/us/support/collaboration-endpoints/desktop-collaboration-experience-dx600-series/products-technical-reference-list.html
Procedure:
DX70:
Factory Reset: Apply power and wait for the Mute LED to blink, then hold the volume up till the Mute red LED is lit. Then release volume key and hold the Mute key for 3 seconds.
Alt-boot: Apply power and wait for the Mute LED to blink, then hold the volume down till the Mute red LED is lit. Then release volume key and hold the Mute key for 3 seconds.
Expressway login details
Note: If the details screen disappears while entering, go to Settings > More > select the checkbox next to Service Options > Reset Network Settings to get the prompt to show again
7. If prompted select OK at Multi User Mode
8. The device will then register to the CUCM over Expressway. Successful MRA through Expressway connectivity will show your number in the bottom left hand corner of the screen
Regards,
Raaj
ā03-31-2016 05:35 PM
Does it work with other clients??
Are you running a CUCM release which supports that??
And was the certs on EXP-E signed by an approved public CA??
Finally, what troubleshooting have you done so far???
ā04-01-2016 03:52 AM
Hi Luis,
Please see the below lines from release notes.
Mobile and Remote Access through Expressway requires Cisco Expressway 8.6 or later and Cisco Unified Communications Manager 10.5.2 SU2 or Cisco Unified Communications Manager 11.0 or later.
I suggest you have minimum version for CUCM as 10.5.2SU2 and make sure your expressway certificate signed by public CA, as phones may not work with expressway self signed certificate.
____________________________________________________________________________
To establish a TLS session, the device must authenticate an Expressway certificate signed by a public Certificate Authority trusted by the device firmware. It is not possible to install or trust other CA certificates on DX Series devices for authenticating an Expressway certificate. See the Cisco DX Series Administration Guide for the list of trusted CA certificates embedded in the devices.
____________________________________________________________________________
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/dx/series/rel-notes/1024/DX00_BK_RF53F53D_00_release-notes-dx-series-1024.pdf
For Certificate, please refer the below link.
http://www.cisco.com/c/en/us/support/collaboration-endpoints/desktop-collaboration-experience-dx600-series/products-technical-reference-list.html
Procedure:
DX70:
Factory Reset: Apply power and wait for the Mute LED to blink, then hold the volume up till the Mute red LED is lit. Then release volume key and hold the Mute key for 3 seconds.
Alt-boot: Apply power and wait for the Mute LED to blink, then hold the volume down till the Mute red LED is lit. Then release volume key and hold the Mute key for 3 seconds.
Expressway login details
Note: If the details screen disappears while entering, go to Settings > More > select the checkbox next to Service Options > Reset Network Settings to get the prompt to show again
7. If prompted select OK at Multi User Mode
8. The device will then register to the CUCM over Expressway. Successful MRA through Expressway connectivity will show your number in the bottom left hand corner of the screen
Regards,
Raaj
ā04-07-2016 11:06 AM
Hi Jaime, the certs on EXP-E & C has make in open SSL, so these certs have to be signed by any approved public CA fo the lonk bellow??
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/dx/series/admin/1024/DX00_BK_C12F3FF5_00_cisco-dx-series-ag1024/DX00_BK_C12F3FF5_00_cisco-dx-series-ag1024_appendix_01111.html
thanks.
ā04-07-2016 11:33 AM
Hi Luis,
Public CA is prerequsite, since DX phones have root certificate for valid public CA provider's.
Self signed and open SSL will never work.
"make sure your expressway certificate signed by public CA, as phones may not work with expressway self signed certificate"
Regards,
Raaj
ā04-07-2016 11:47 AM
Yes, the root CAs that the phone has, is limited to the ones outlined in the link, it HAS to be a public CA who signs the EXP-E certificate, you can make it work for Jabber (assuming you're willing to take on the huge overhead it would require, but we definitely advise against it), but for endpoints, there's no way around this.
ā04-12-2016 02:31 PM
Hi Jaime .
Iam working with Luis Borja
about the Phone security Profile, is necessary to include it in CSR ??
the csr shoud be generated in expressway core and edge ??
which are the parameters required to generate the CRS for DX device ??
The jabber is working fine .
the new certificate, authenticated for public CA, replace
the old certificates ??
ā04-12-2016 02:47 PM
The phone security profile is only if you are using mixed mode
You need to have a signed cert on BOTH servers, EXP-C can be a local/internal CA, the EXP-E has to be a public CA if you want hard endpoints to use MRA.
You don't generate a CSR for endpoints...
Yes, you can only have one server certificate.
I STRONGLY suggest you watch the video on certificates management I have here in the update
http://docwiki.cisco.com/wiki/Certificates_FAQ
ā11-24-2021 11:44 AM
Hi Jaime
Is there a way to see the league you sent?
I am in the same situation trying to sign a DX80 through the Expressway (MRA) and I would like to know the procedure and I have read several documents and I understand that it is necessary to load the Public CA certificate that contains the host name of the Expressway E, correct ?
ā04-04-2016 04:41 PM
no, it doesnĀ“t working in another devices.
CUCM: ver 11
the certs on expway, works, in jaberĀ“s client since out of network register fine on CUCM.
when I try register DX a messages appears: secure failed.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide