Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
407
Views
1
Helpful
2
Replies

CUCM Certificate Issues

jbookshar
Level 1
Level 1

ā€Ž07-28-2023 08:48 AM

We are having trouble configuring our CUCM (Version 10.5.2.10000-5) for use with an AS-SIP phone. We have downloaded the CSR from the CUCM and used it to create a Cert that we have put on the CUCM. When I create the cert and try to upload it to the Phone-Trust I am seeing a status message saying "Certificate is valid only between Fri Jul 28 10:16:38 EDT 2023 and Tue Oct 14 10:16:38 EDT 2031". It doesn't make sense to me why it is complaining about this. That time period appears valid to me. I checked the time on the server and I see that it is using our NTP server. Can anyone chime in on what might be going on here?

Also, for some reason after some time I am able to load the CERT without any issues. Although, the cert is loaded I am unable to call the AS-SIP phone because the TLS handshake fails. Is there way to debug this at the CUCM?

Labels:
0 Helpful
2 Replies 2

b.winter
VIP
VIP

ā€Ž07-30-2023 11:14 PM - edited ā€Ž07-30-2023 11:15 PM

How to debug calls in CUCM?!
You are changing certs on CUCM but don't know how to debug calls?! You've never heard of RTMT?
You are doing fundamental changes and you are not able to do basic troubleshooting? This doesn't fit together...

0 Helpful

Beverly09
Level 1
Level 1

ā€Ž07-30-2023 11:24 PM - edited ā€Ž07-31-2023 09:36 PM

@jbookshar wrote: 

We are having trouble configuring our CUCM (Version 10.5.2.10000-5) for use with an AS-SIP phone. We have downloaded the CSR from the CUCM and used it to create a Cert that we have put on the CUCM. When I create the cert and try to upload it to the Phone-Trust I am seeing a status message saying "Certificate is valid only between Fri Jul 28 10:16:38 EDT 2023 and Tue Oct 14 10:16:38 EDT 2031". It doesn't make sense to me why it is complaining about this. That time period appears valid to me. I checked the time on the server and I see that it is using our NTP server. Can anyone chime in on what might be going on here?

Also, for some reason after some time I am able to load the CERT without any issues. Although, the cert is loaded I am unable to call the AS-SIP phone because the TLS handshake fails. Is there way to debug this at the CUCM?

Check the NTP settings on both devices to ensure they are using the same time source. If the clocks are not synchronized, the certificate's validity period might not match the AS-SIP phone's time, leading to the error. To debug the TLS handshake failure, enable detailed logging on the CUCM for the relevant components (e.g., SIP, TLS). Review the logs to identify any errors or issues during the handshake process. You may also consider checking the AS-SIP phone's logs for further insights into the problem.

I hope this will be help you.

livetheorangelife
Customers Also Viewed These Support Documents