Hi,
Without seeing the CAPF SDI logs, not 100% sure what the issue here is. A guess based on the information provided here is that the issue may have to do with the RSA Key Size field setting under the Certificate Authority Proxy Function (CAPF) Information section for the device in Unified Communications Manager. It appears based on your screen shot, that the size has been set to 512. This is pretty small for implementations today. At a minimum I'd suggest changing this to 1024. Based on looking at the data sheets for Room Kit Plus / Codec Plus - this bullet suggest support begins with 1024 and higher: "X.509 Digital Certificates (DER encoded binary); both DER and Base-64 formats are acceptable for the client and server certificates; certificates with a key size of 1024, 2048, and 4096 are supported". So I'd suggest retrying with 1024 or higher set and see if you are still seeing the issue.
Barring that, you'll want to look at the logs and LSC certificate which can be done by changing the CAPF Certificate Operation setting from "Install/Upgrade" to "Troubleshooting" and reviewing the CAPF SDI logs (file list activelog cm/trace/capf/sdi at the CLI). You will find both the logs and the certificate (<device_name-or-MAC>.cer) in the SDI directory so you can also view details of the LSC certificate generated by the CAPF operation which may also provide some insight. Assuming this has to do with certificate key size, you shouldn't see an issue with the LSC, but instead something in the logs should indicate that the LSC has failed to install on the endpoint - you may also need to look at the endpoint/codec logs to be sure.
Barring that, you may want to open a case with Cisco TAC to have them conduct further analysis of your logs.
Hope that helps.
Thanks,
Jordy