Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
239
Views
0
Helpful
0
Replies

CUCM CAPF: can we change the common name in the LSC?

Johannes Wendling
Level 1
Level 1

‎08-28-2023 07:38 AM

Hi guys,
we are using the CAPF service on the CUCM Publisher to sign LSCs for our Cisco phones.
This works fine for 802.1x with the customers ISE.

But we now have the issue, that we cannot access the phones webpages, because the provided certificate/ LSC does not match the URL accessed:
a) when accessing via the IP-address https://10.26.12.128: the LSC obviously does not contain the DHCP assigned IP in the subject alternative names:
JohannesWendling_0-1693232521107.png

b) when accessing with the hostname https://SEP00A289FB3654: the common-name in the LSC does not match the Hostname or the FQDN:
JohannesWendling_1-1693232666714.png

JohannesWendling_2-1693233072725.png

 

Some additional notes:
The customer has disabled the option to ignore the error in the browser.
Only HTTPS is allowed on the phones, because of security
The customers DHCP server dynamically creates DNS A-Records for the phones, thats why we can enter the hostname in the browser and don't need to search for the IP in CUCM.

 

Can we configure the CAPF service to set a different common name? "SEP" + MAC is already unique, no need to add "CP" or the device type. Or can we include the devicename SEP00A289FB3654 as a subject alternative name?

Thank you, Johannes

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents