Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
3859
Views
5
Helpful
7
Replies

HTTPS connection problem between CCA and UC540

Julien Paleni
Level 1
Level 1

ā€Ž08-10-2011 02:03 AM - edited ā€Ž03-21-2019 04:29 AM

Hi,

When I launch the CCA to configure my UC540 FXO, I encounter a problem with the https connection. I get this error message ā€œUnable to connect. SSL handshake process failed. The secure connection through HTTPS could not be establishedā€ (cf screenshot in attachement).

The connection in http is ok.

This message doesnā€™t appear the first time that I try to connect to the UC. This error appears after some days of configuration and some tests. I donā€™t make any specific action or configuration which can cause this problem.

I searched in certmgr.msc if there was an obsolete Cisco certificate but I found nothing in the console.


The only solution I found to resolve this problem is to reset the factory default settings and reconfigured totally my UCā€¦

I now use the CCA 3.1.0 and the software pack  8.2, but i I already met the problem with the older version (CCA 3.0.1 and software pack 8.1.0).

Has anyone encountered a similar problem?

I join a Wireshark capture corresponding to the connection with the CCA to the UC540.

Thanks for your help.

Labels:
Preview file
298 KB
111527-uc https problem.pcap.zip
0 Helpful
7 Replies 7

David Trad
VIP Alumni
VIP Alumni

ā€Ž08-10-2011 04:12 PM

Hi Julien,

You can turn of HTTPS and just have it go through port 80 if 443 is giving you issues, I think the only time you would really want HTTPS is if you would attempt to get CCA to connect remotely (Never tried it this way always just use VPN).

But you may need to check the CLI and see if the following is enabled on those systems giving you the issue:

ip http server
ip http authentication local
ip http secure-server
ip http path flash:

Cheers,


David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *

Julien Paleni
Level 1
Level 1
In response to David Trad

ā€Ž08-11-2011 03:53 AM

Hi David,

I agree with you, the http works for administrate my UC540 but i want understand what cause this problem.

I check in CLI the four lines that you provided, these lines are ok and identics to yours.

Cheers

0 Helpful

David Trad
VIP Alumni
VIP Alumni
In response to Julien Paleni

ā€Ž08-11-2011 07:44 PM

JULIEN!!!!

I had a revelation this morning and thought I would put my theory to the test

So I had another look at your image and noticed you were in the hostname/address tab, and I figured I would try and replicate what you are doing... At first I could not produce the results, but then realized OF COURSE!! Because CCA had already connected to these two systems before.... SO I tried it on a new UC-540 that I haven't connected to and was able to generate the same error... WhooooHoooo!!!!!!!!

OK so here is my theory, when you add a new site the system always prompts you with the certificate screen to accept, deny or choose always... But when you do it from the second tab, this does not appear even on a fresh system, I have no idea why, maybe a bug in CCA 3.1???.

So to get HTTPS to work, you need to add it to site and CCA needs to use that certificate to authenticate the HTTPS session

Well this is what my tests this morning revealed, it could just be a fluke that I was able to reproduce it (And yes that can happen a lot with me), or my theory is right, either way I am sure someone from Cisco will chime in and put me straight or confirm my theory

Cheers,

David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *
0 Helpful

Julien Paleni
Level 1
Level 1
In response to David Trad

ā€Ž08-16-2011 08:04 AM

Hi David,

I'm not sure that you're right because some quick tests with a "site" connection show me a connection in http.

I will make some other tests and i will give you my results.

Cheers,

0 Helpful

David Trad
VIP Alumni
VIP Alumni
In response to Julien Paleni

ā€Ž08-17-2011 03:50 PM

Thanks Julien,

I await your results, I am interested in seeing what you come back with

Cheers,

David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *
0 Helpful

jeremy.yipngow
Level 1
Level 1
In response to David Trad

ā€Ž10-06-2011 09:03 AM

Thanks. I had the same problem and this did work for me.

0 Helpful

alm7b5531
Level 1
Level 1

ā€Ž08-27-2013 11:22 AM

i have same proplem i need any one to help me as soon

i tray to this comment but stil  the problem

ip http server

ip http authentication local

ip http secure-server

ip http path flash:

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents