[cisco-voip] 7945 Corporate Directory > host not found

Jason Aarons (AM) jason.aarons at dimensiondata.com
Tue Sep 30 20:15:00 EDT 2014


Seems the phones have a mix of loads.  Not sure why yet.

This 7945 did have  9.1.1SR1 and deleting the ITL fixed it;

https://www.youtube.com/watch?v=I6RAICHQac0


From: Ryan Ratliff (rratliff) [mailto:rratliff at cisco.com]
Sent: Tuesday, September 30, 2014 2:15 PM
To: Jason Aarons (AM)
Cc: cisco-voip voyp list
Subject: Re: [cisco-voip] 7945 Corporate Directory > host not found

That's definitely what got the 9971s.  I'm still not sold on the 79XX if they really are running 8.5.

-Ryan

On Sep 30, 2014, at 2:12 PM, Jason Aarons (AM) <jason.aarons at dimensiondata.com> wrote:

We did a same version hardware replacement using DRS in 8.5.1 (no SU).

I think this is their problem.  Manually deleting the ITL resolved it.


CSCtn50405 CUCM DRF Backup does not backup certificates
Backup files created by DRS do not contain the required certificates to maintain Security By Default functionality after a restore. After restoring for disaster recovery, hardware migration, or bridge upgrade, manually deleting ITL files on phones may be necessary unless an upgrade for this defect is performed before taking a backup. See the Bug Details of fix CSCtn50405 for complete instructions on resolving this issue: <http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn50405>
This issue is fixed in Cisco Unified Communications Manager versions 8.5(1)su2 and higher.


From: Ryan Ratliff (rratliff) [mailto:rratliff at cisco.com]
Sent: Tuesday, September 30, 2014 10:01 AM
To: Jason Aarons (AM)
Cc: cisco-voip voyp list
Subject: Re: [cisco-voip] 7945 Corporate Directory > host not found

Inline,

PS wow, 8.5(2), released June 1 2009.


-Ryan

On Sep 30, 2014, at 9:09 AM, Jason Aarons (AM) <jason.aarons at dimensiondata.com> wrote:


Getting similar problem (Corp Dir shows Host Not Found) at another customer, who has had CAPF service set to Inactive on Pub. Etc

Doesn't CAPF need to be running along with CTL for phones to get an ITL, so that Corp Dir can use the https of "Application:Cisco..." ?
No, CAPF is only for CTL, not ITL.




This customer is running 8.5.1-10000-26 with 7945s running 8.5.2S and 9971s running 9.1.1SR1. I'm not showing an ITL on their phones.
The 79XX phones don't support Security By Default until 9.0(2).
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/firmware/9_0_2/english/release/notes/7900_902.html

I'd also guess they don't support internal services so this one is going to be a classic Enterprise Parameters for the standard DNS errors, etc.




So does the latest 10.5.1 have the fix for CSCuh96737 ?  Reading the fixed in versions...

No, the fix will be in 10.6 (or whatever the next release is).





From: Ryan Ratliff (rratliff) [mailto:rratliff at cisco.com]
Sent: Monday, May 12, 2014 12:08 PM
To: Jason Aarons (AM)
Cc: Brian Meade; cisco-voip voyp list
Subject: Re: [cisco-voip] 7945 Corporate Directory > host not found

CSCui22934 has the workaround for this (and should have updated the relevant docs).  CSCuh96737 is the real fix and not fixed in any release (yet, crossing fingers).

As Brian indicated the rollback parameter doesn't really disable SBD, it just lets the phone accept the next ITL it gets, just as if it didn't have an ITL to begin with.

The real problem is the phones are hard-coded to build the URL for the "Application:Cisco..." services and will always use https:// URLs.

-Ryan

On May 6, 2014, at 5:14 PM, Jason Aarons (AM) <jason.aarons at dimensiondata.com> wrote:

I did forget about that setting.  Will re-visit it tomorrow, should work on per-phone basis.

From: bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] On Behalf Of Brian Meade
Sent: Tuesday, May 06, 2014 4:55 PM
To: Jason Aarons (AM)
Cc: cisco-voip (cisco-voip at puck.nether.net)
Subject: Re: [cisco-voip] 7945 Corporate Directory > host not found

You can set the Services Provisioning on an individual phone to External.

On Tue, May 6, 2014 at 4:52 PM, Jason Aarons (AM) <jason.aarons at dimensiondata.com> wrote:
I don't want to touch Enterprise Params (reset 2000+ phones, else I would just enable SBD) for a temp fix.  I tried setting Directory URL on the phone itself but that didn't resolve the issue either since the Enterprise Param is default to Internal.

From: bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] On Behalf Of Brian Meade
Sent: Tuesday, May 06, 2014 4:32 PM
To: Jason Aarons (AM)
Cc: cisco-voip (cisco-voip at puck.nether.net)
Subject: Re: [cisco-voip] 7945 Corporate Directory > host not found


The phones now use a different method for reaching out to corporate directory now that Services Provisioning is set to Internal by default.  You can try changing the Services Provisioning to External under Enterprise Parameters and then change the Corporate Directory IP Phone Service to point towards the actual Corporate Directory URL.

Brian

On Tue, May 6, 2014 at 4:22 PM, Jason Aarons (AM) <jason.aarons at dimensiondata.com> wrote:
CUCM 9.1.2SU1  I built a new cluster/DRS restored, etc, then modified the Enterprise Parameters "Prepare Cluster for Rollback to pre-8.0" set to True before I added any phones and rebooted cluster.  In short, I disabled Security By Default. Also under Enterprise Parameters I removed all entries under "Secured Phone URL Parameters".  We've also rebooted the cluster twice since doing this in January, then swapped our 7x cluster to the new 9.1.2SU1 cluster last week. No problems, and we could go back to our 7x cluster if we needed to back out.

I've left SBD disabled, however on the 7970s/7945s when I go into Directories > Corporate Directory I get a "host not found".  I also erased the ITL file just to be sure that wasn't the problem. That didn't resolve the issue.  Show itl looks good on the Pub, but again I've disabled SBD. So it shouldn't matter.

Is Corporate Directory just not available unless SBD is turned on?



7945 Phone Console log
|== Syslogd TNP== Mon May  5 14:46:37 2014
====================================================
6406: ERR 14:46:37.942214 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <10.88.233.101> c:9 s:10
6407: ERR 14:46:37.942965 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <10.88.233.101> c:9 s:10
6408: ERR 14:46:37.943683 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<10.88.233.101>
6409: ERR 14:46:37.944303 SECD: EROR:secErr_errStr:  *** bad err table ***
6410: ERR 14:46:37.944981 SECD: EROR:secErr_errStr: ** SEC-ERR: code:3(N/A) subcode:9(UNKNOWN_CERT)
6411: ERR 14:46:37.945654 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <HTTPS cert not in CTL>
6412: ERR 14:46:37.971834 JVM: Entering StcpOpenActiveSSL
6413: ERR 14:46:37.972504 JVM: Attempting HTTPS connect to 10.88.233.101
6414: ERR 14:46:37.975250 JVM: TLS connect pending
6415: ERR 14:46:37.975880 JVM: Leaving StcpOpenActiveSSL
6416: NOT 14:46:37.978149 SECD: clpDelClnt: closing conn to <10.88.233.101>, c:9, s:10
6417: NOT 14:46:37.979860 SECD: clpDelClnt: Adding a one second delay before we close the local socket

6418: NOT 14:46:37.983042 SECD: clpGetConnParams: IP Mode is 0, addr : 10.88.233.101

6419: NOT 14:46:37.983804 SECD: clpSetupSsl: IP TOS : 0

6420: NOT 14:46:37.984904 SECD: clpSetupSsl: HTTPS SSL/TLS req <10.88.233.101, TOS 0>
6421: WRN 14:46:37.986486 SECD: WARN:clpSetupSsl: no LSC for HTTPS, will try MIC, <10.88.233.101> c:11
6422: NOT 14:46:37.987268 SECD: clpSetupSsl: HTTPS, TLSv1, cert MIC, cipher [AES256-SHA:AES128-SHA:DES-CBC3-SHA]
6423: NOT 14:46:37.988270 SECD: clpSetupSsl: binding to lport
6424: NOT 14:46:37.988991 SECD: clpSetupSsl: setsockopt SOL_SOCKET set

6425: NOT 14:46:37.989655 SECD: clpSetupSsl: Set the TCP keepalive option

6426: NOT 14:46:37.991635 SECD: clpSetupSsl: binding to , <(null)>:<0>
6427: NOT 14:46:37.992502 SECD: clpSetupSsl: Trying to connect to IPV4, IP: 10.88.233.101, Port : 8443
6428: NOT 14:46:37.993574 SECD: clpSetupSsl: TCP connect() waiting, <10.88.233.101> c:11 s:10 port: 8443
6429: NOT 14:46:37.994792 SECD: clpSetupSsl: TCP connected, <10.88.233.101> c:11 s:10
6430: NOT 14:46:37.995658 SECD: clpSetupSsl: start SSL/TLS handshake, <10.88.233.101> c:11 s:10
6431: NOT 14:46:38.001216 SECD: srvr_cert_vfy: Server Certificate Validation needs to be done
6432: NOT 14:46:38.002712 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from CTL file
6433: NOT 14:46:38.003515 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from ITL file
6434: WRN 14:46:38.004221 SECD: WARN:getSubjectCTLentry: default lookup failed, try lookup using DN
6435: NOT 14:46:38.004896 SECD: findByCertAndRoleInTL: Searching TL from CTL file
6436: NOT 14:46:38.005562 SECD: findByCertAndRoleInTL: Searching TL from ITL file
6437: ERR 14:46:38.006260 SECD: EROR:https_cert_vfy: HTTPS cert not in CTL, <10.88.233.101>
6438: NOT 14:46:38.007020 SECD: srvr_cert_vfy:  ** srvr cert verify FAILED ** <10.88.233.101>
6439: ERR 14:46:38.008171 SECD: EROR:clpState: SSL3 alert write:fatal:handshake failure:<10.88.233.101>
6440: ERR 14:46:38.009273 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <10.88.233.101> c:11 s:10
6441: ERR 14:46:38.011328 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <10.88.233.101> c:11 s:10
6442: ERR 14:46:38.012058 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <10.88.233.101> c:11 s:10
6443: ERR 14:46:38.012784 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<10.88.233.101>
6444: ERR 14:46:38.013473 SECD: EROR:secErr_errStr:  *** bad err table ***
6445: ERR 14:46:38.014168 SECD: EROR:secErr_errStr: ** SEC-ERR: code:3(N/A) subcode:9(UNKNOWN_CERT)
6446: ERR 14:46:38.014843 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <HTTPS cert not in CTL>
6447: ERR 14:46:38.031312 JVM: Entering StcpOpenActiveSSL
6448: ERR 14:46:38.031990 JVM: Attempting HTTPS connect to 10.88.233.101
6449: ERR 14:46:38.034667 JVM: TLS connect pending
6450: ERR 14:46:38.035347 JVM: Leaving StcpOpenActiveSSL
6451: NOT 14:46:38.036612 SECD: clpDelClnt: closing conn to <10.88.233.101>, c:11, s:10
6452: NOT 14:46:38.038317 SECD: clpDelClnt: Adding a one second delay before we close the local socket

6453: NOT 14:46:38.040534 SECD: clpGetConnParams: IP Mode is 0, addr : 10.88.233.101

6454: NOT 14:46:38.041278 SECD: clpSetupSsl: IP TOS : 0

6455: NOT 14:46:38.042421 SECD: clpSetupSsl: HTTPS SSL/TLS req <10.88.233.101, TOS 0>
6456: WRN 14:46:38.044006 SECD: WARN:clpSetupSsl: no LSC for HTTPS, will try MIC, <10.88.233.101> c:12
6457: NOT 14:46:38.044799 SECD: clpSetupSsl: HTTPS, TLSv1, cert MIC, cipher [AES256-SHA:AES128-SHA:DES-CBC3-SHA]
6458: NOT 14:46:38.045788 SECD: clpSetupSsl: binding to lport
6459: NOT 14:46:38.046519 SECD: clpSetupSsl: setsockopt SOL_SOCKET set

6460: NOT 14:46:38.047183 SECD: clpSetupSsl: Set the TCP keepalive option

6461: NOT 14:46:38.047868 SECD: clpSetupSsl: binding to , <(null)>:<0>
6462: NOT 14:46:38.048644 SECD: clpSetupSsl: Trying to connect to IPV4, IP: 10.88.233.101, Port : 8443
6463: NOT 14:46:38.049777 SECD: clpSetupSsl: TCP connect() waiting, <10.88.233.101> c:12 s:10 port: 8443
6464: NOT 14:46:38.052303 SECD: clpSetupSsl: TCP connected, <10.88.233.101> c:12 s:10
6465: NOT 14:46:38.053150 SECD: clpSetupSsl: start SSL/TLS handshake, <10.88.233.101> c:12 s:10
6466: NOT 14:46:38.058035 SECD: srvr_cert_vfy: Server Certificate Validation needs to be done
6467: NOT 14:46:38.059539 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from CTL file
6468: NOT 14:46:38.066141 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from ITL file
6469: WRN 14:46:38.067100 SECD: WARN:getSubjectCTLentry: default lookup failed, try lookup using DN
6470: NOT 14:46:38.067801 SECD: findByCertAndRoleInTL: Searching TL from CTL file
6471: NOT 14:46:38.068715 SECD: findByCertAndRoleInTL: Searching TL from ITL file
6472: ERR 14:46:38.069643 SECD: EROR:https_cert_vfy: HTTPS cert not in CTL, <10.88.233.101>
6473: NOT 14:46:38.072027 SECD: srvr_cert_vfy:  ** srvr cert verify FAILED ** <10.88.233.101>
6474: ERR 14:46:38.074086 SECD: EROR:clpState: SSL3 alert write:fatal:handshake failure:<10.88.233.101>
6475: ERR 14:46:38.075260 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <10.88.233.101> c:12 s:10
6476: ERR 14:46:38.076038 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <10.88.233.101> c:12 s:10
6477: ERR 14:46:38.076977 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <10.88.233.101> c:12 s:10
6478: ERR 14:46:38.077956 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<10.88.233.101>
6479: ERR 14:46:38.078662 SECD: EROR:secErr_errStr:  *** bad err table ***
6480: ERR 14:46:38.079529 SECD: EROR:secErr_errStr: ** SEC-ERR: code:3(N/A) subcode:9(UNKNOWN_CERT)
6481: ERR 14:46:38.080764 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <HTTPS cert not in CTL>
6482: WRN 14:46:38.105233 JVM: Startup Module Loader|cip.http.ae:? - listener.httpFailed
6483: NOT 14:46:38.164083 SECD: clpDelClnt: closing conn to <10.88.233.101>, c:12, s:10
6484: NOT 14:46:38.166683 SECD: clpDelClnt: Adding a one second delay before we close the local socket

6485: WRN 14:46:39.086678 CDP-D: lldpInetdStatsRsp: port: 1
6486: WRN 14:46:40.541299 JVM: Startup Module Loader|HttpClientTask:? - Current State = 2                this=cip.http.ae@5301c7
6487: ERR 14:46:40.573518 JVM: WcAnalyzeUrl: Port = 8443, scheme = eWcSchemeHttps, fHostName =
6488: ERR 14:46:40.574255 JVM: Not TLS <1> or Not DefaultTls Port <8443>
6489: ERR 14:46:40.590516 JVM: Entering StcpOpenActiveSSL
6490: ERR 14:46:40.591245 JVM: Attempting HTTPS connect to 10.88.233.101
6491: ERR 14:46:40.593806 JVM: TLS connect pending
6492: ERR 14:46:40.594443 JVM: Leaving StcpOpenActiveSSL
6493: NOT 14:46:40.600547 SECD: clpGetConnParams: IP Mode is 0, addr : 10.88.233.101

6494: NOT 14:46:40.601306 SECD: clpSetupSsl: IP TOS : 0

6495: NOT 14:46:40.602460 SECD: clpSetupSsl: HTTPS SSL/TLS req <10.88.233.101, TOS 0>
6496: WRN 14:46:40.603970 SECD: WARN:clpSetupSsl: no LSC for HTTPS, will try MIC, <10.88.233.101> c:9
6497: NOT 14:46:40.604802 SECD: clpSetupSsl: HTTPS, TLSv1, cert MIC, cipher [AES256-SHA:AES128-SHA:DES-CBC3-SHA]
6498: NOT 14:46:40.605802 SECD: clpSetupSsl: binding to lport
6499: NOT 14:46:40.606527 SECD: clpSetupSsl: setsockopt SOL_SOCKET set

6500: NOT 14:46:40.607194 SECD: clpSetupSsl: Set the TCP keepalive option

6501: NOT 14:46:40.607875 SECD: clpSetupSsl: binding to , <(null)>:<0>
6502: NOT 14:46:40.608648 SECD: clpSetupSsl: Trying to connect to IPV4, IP: 10.88.233.101, Port : 8443
6503: NOT 14:46:40.609739 SECD: clpSetupSsl: TCP connect() waiting, <10.88.233.101> c:9 s:10 port: 8443
6504: NOT 14:46:40.612299 SECD: clpSetupSsl: TCP connected, <10.88.233.101> c:9 s:10
6505: NOT 14:46:40.613167 SECD: clpSetupSsl: start SSL/TLS handshake, <10.88.233.101> c:9 s:10
6506: NOT 14:46:40.618252 SECD: srvr_cert_vfy: Server Certificate Validation needs to be done
6507: NOT 14:46:40.619760 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from CTL file
6508: NOT 14:46:40.620895 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from ITL file
6509: WRN 14:46:40.621660 SECD: WARN:getSubjectCTLentry: default lookup failed, try lookup using DN
6510: NOT 14:46:40.622347 SECD: findByCertAndRoleInTL: Searching TL from CTL file
6511: NOT 14:46:40.623015 SECD: findByCertAndRoleInTL: Searching TL from ITL file
6512: ERR 14:46:40.623662 SECD: EROR:https_cert_vfy: HTTPS cert not in CTL, <10.88.233.101>
6513: NOT 14:46:40.624376 SECD: srvr_cert_vfy:  ** srvr cert verify FAILED ** <10.88.233.101>
6514: ERR 14:46:40.625576 SECD: EROR:clpState: SSL3 alert write:fatal:handshake failure:<10.88.233.101>
6515: ERR 14:46:40.626671 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <10.88.233.101> c:9 s:10
6516: ERR 14:46:40.627417 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <10.88.233.101> c:9 s:10
6517: ERR 14:46:40.628133 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <10.88.233.101> c:9 s:10
6518: ERR 14:46:40.628819 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<10.88.233.101>
6519: ERR 14:46:40.629479 SECD: EROR:secErr_errStr:  *** bad err table ***
6520: ERR 14:46:40.631492 SECD: EROR:secErr_errStr: ** SEC-ERR: code:3(N/A) subcode:9(UNKNOWN_CERT)
6521: ERR 14:46:40.632202 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <HTTPS cert not in CTL>
6522: ERR 14:46:40.654312 JVM: Entering StcpOpenActiveSSL
6523: ERR 14:46:40.654988 JVM: Attempting HTTPS connect to 10.88.233.101
6524: ERR 14:46:40.657678 JVM: TLS connect pending
6525: ERR 14:46:40.658302 JVM: Leaving StcpOpenActiveSSL
6526: NOT 14:46:40.662375 SECD: clpDelClnt: closing conn to <10.88.233.101>, c:9, s:10
6527: NOT 14:46:40.664389 SECD: clpDelClnt: Adding a one second delay before we close the local socket

6528: NOT 14:46:40.667265 SECD: clpGetConnParams: IP Mode is 0, addr : 10.88.233.101

6529: NOT 14:46:40.668021 SECD: clpSetupSsl: IP TOS : 0

6530: NOT 14:46:40.669161 SECD: clpSetupSsl: HTTPS SSL/TLS req <10.88.233.101, TOS 0>
6531: WRN 14:46:40.671939 SECD: WARN:clpSetupSsl: no LSC for HTTPS, will try MIC, <10.88.233.101> c:11
6532: NOT 14:46:40.672734 SECD: clpSetupSsl: HTTPS, TLSv1, cert MIC, cipher [AES256-SHA:AES128-SHA:DES-CBC3-SHA]
6533: NOT 14:46:40.673766 SECD: clpSetupSsl: binding to lport
6534: NOT 14:46:40.674488 SECD: clpSetupSsl: setsockopt SOL_SOCKET set

6535: NOT 14:46:40.675149 SECD: clpSetupSsl: Set the TCP keepalive option

6536: NOT 14:46:40.675834 SECD: clpSetupSsl: binding to , <(null)>:<0>
6537: NOT 14:46:40.676606 SECD: clpSetupSsl: Trying to connect to IPV4, IP: 10.88.233.101, Port : 8443
6538: NOT 14:46:40.677628 SECD: clpSetupSsl: TCP connect() waiting, <10.88.233.101> c:11 s:10 port: 8443
6539: NOT 14:46:40.678905 SECD: clpSetupSsl: TCP connected, <10.88.233.101> c:11 s:10
6540: NOT 14:46:40.679770 SECD: clpSetupSsl: start SSL/TLS handshake, <10.88.233.101> c:11 s:10
6541: NOT 14:46:40.686198 SECD: srvr_cert_vfy: Server Certificate Validation needs to be done
6542: NOT 14:46:40.687709 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from CTL file
6543: NOT 14:46:40.688466 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from ITL file
6544: WRN 14:46:40.689215 SECD: WARN:getSubjectCTLentry: default lookup failed, try lookup using DN
6545: NOT 14:46:40.689899 SECD: findByCertAndRoleInTL: Searching TL from CTL file
6546: NOT 14:46:40.691758 SECD: findByCertAndRoleInTL: Searching TL from ITL file
6547: ERR 14:46:40.692506 SECD: EROR:https_cert_vfy: HTTPS cert not in CTL, <10.88.233.101>
6548: NOT 14:46:40.693215 SECD: srvr_cert_vfy:  ** srvr cert verify FAILED ** <10.88.233.101>
6549: ERR 14:46:40.694368 SECD: EROR:clpState: SSL3 alert write:fatal:handshake failure:<10.88.233.101>
6550: ERR 14:46:40.695536 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <10.88.233.101> c:11 s:10
6551: ERR 14:46:40.696283 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <10.88.233.101> c:11 s:10
6552: ERR 14:46:40.696990 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <10.88.233.101> c:11 s:10
6553: ERR 14:46:40.697675 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<10.88.233.101>
6554: ERR 14:46:40.698352 SECD: EROR:secErr_errStr:  *** bad err table ***
6555: ERR 14:46:40.699084 SECD: EROR:secErr_errStr: ** SEC-ERR: code:3(N/A) subcode:9(UNKNOWN_CERT)
6556: ERR 14:46:40.699755 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <HTTPS cert not in CTL>
6557: ERR 14:46:40.711280 JVM: Entering StcpOpenActiveSSL
6558: ERR 14:46:40.711965 JVM: Attempting HTTPS connect to 10.88.233.101
6559: ERR 14:46:40.714647 JVM: TLS connect pending
6560: ERR 14:46:40.715275 JVM: Leaving StcpOpenActiveSSL
6561: NOT 14:46:40.726781 SECD: clpDelClnt: closing conn to <10.88.233.101>, c:11, s:10
6562: NOT 14:46:40.729492 SECD: clpDelClnt: Adding a one second delay before we close the local socket

6563: NOT 14:46:40.738420 SECD: clpGetConnParams: IP Mode is 0, addr : 10.88.233.101

6564: NOT 14:46:40.739392 SECD: clpSetupSsl: IP TOS : 0

6565: NOT 14:46:40.742081 SECD: clpSetupSsl: HTTPS SSL/TLS req <10.88.233.101, TOS 0>
6566: WRN 14:46:40.743962 SECD: WARN:clpSetupSsl: no LSC for HTTPS, will try MIC, <10.88.233.101> c:12
6567: NOT 14:46:40.744961 SECD: clpSetupSsl: HTTPS, TLSv1, cert MIC, cipher [AES256-SHA:AES128-SHA:DES-CBC3-SHA]
6568: NOT 14:46:40.746263 SECD: clpSetupSsl: binding to lport
6569: NOT 14:46:40.746995 SECD: clpSetupSsl: setsockopt SOL_SOCKET set

6570: NOT 14:46:40.747935 SECD: clpSetupSsl: Set the TCP keepalive option

6571: NOT 14:46:40.748852 SECD: clpSetupSsl: binding to , <(null)>:<0>
6572: NOT 14:46:40.749652 SECD: clpSetupSsl: Trying to connect to IPV4, IP: 10.88.233.101, Port : 8443
6573: NOT 14:46:40.752569 SECD: clpSetupSsl: TCP connect() waiting, <10.88.233.101> c:12 s:10 port: 8443
6574: NOT 14:46:40.754342 SECD: clpSetupSsl: TCP connected, <10.88.233.101> c:12 s:10
6575: NOT 14:46:40.755237 SECD: clpSetupSsl: start SSL/TLS handshake, <10.88.233.101> c:12 s:10
6576: NOT 14:46:40.761830 SECD: srvr_cert_vfy: Server Certificate Validation needs to be done
6577: NOT 14:46:40.763543 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from CTL file
6578: NOT 14:46:40.764523 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from ITL file
6579: WRN 14:46:40.765531 SECD: WARN:getSubjectCTLentry: default lookup failed, try lookup using DN
6580: NOT 14:46:40.766236 SECD: findByCertAndRoleInTL: Searching TL from CTL file
6581: NOT 14:46:40.767122 SECD: findByCertAndRoleInTL: Searching TL from ITL file
6582: ERR 14:46:40.767844 SECD: EROR:https_cert_vfy: HTTPS cert not in CTL, <172.19.233.101>
6583: NOT 14:46:40.768794 SECD: srvr_cert_vfy:  ** srvr cert verify FAILED ** <172.19.233.101>
6584: ERR 14:46:40.772107 SECD: EROR:clpState: SSL3 alert write:fatal:handshake failure:<172.19.233.101>
6585: ERR 14:46:40.773270 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <172.19.233.101> c:12 s:10
6586: ERR 14:46:40.774239 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <172.19.233.101> c:12 s:10
6587: ERR 14:46:40.775243 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <172.19.233.101> c:12 s:10
6588: ERR 14:46:40.775968 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<172.19.233.101>
6589: ERR 14:46:40.776868 SECD: EROR:secErr_errStr:  *** bad err table ***
6590: ERR 14:46:40.777633 SECD: EROR:secErr_errStr: ** SEC-ERR: code:3(N/A) subcode:9(UNKNOWN_CERT)
6591: ERR 14:46:40.778542 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <HTTPS cert not in CTL>
6592: WRN 14:46:40.799928 JVM: Startup Module Loader|cip.http.ae:? - listener.httpFailed
6593: NOT 14:46:40.846889 SECD: clpDelClnt: closing conn to <172.19.233.101>, c:12, s:10
6594: NOT 14:46:40.849538 SECD: clpDelClnt: Adding a one second delay before we close the local socket






_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141001/bb4aae34/attachment.html>
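
Added example, not part of the original thread: a Python parser for the phone console log format quoted above. It groups the SECD lines into one record per HTTPS connection attempt and counts the repeated failure reason, which shows that the "host not found" on the phone is a trust-list rejection of the server certificate on port 8443. Function and field names are hypothetical; the sample is a trimmed excerpt of the log in this thread.

```python
import re
from collections import Counter

# Trimmed excerpt of the 7945 console log quoted in this thread (two attempts).
SAMPLE_LOG = """\
6410: ERR 14:46:37.944981 SECD: EROR:secErr_errStr: ** SEC-ERR: code:3(N/A) subcode:9(UNKNOWN_CERT)
6420: NOT 14:46:37.984904 SECD: clpSetupSsl: HTTPS SSL/TLS req <10.88.233.101, TOS 0>
6422: NOT 14:46:37.987268 SECD: clpSetupSsl: HTTPS, TLSv1, cert MIC, cipher [AES256-SHA:AES128-SHA:DES-CBC3-SHA]
6427: NOT 14:46:37.992502 SECD: clpSetupSsl: Trying to connect to IPV4, IP: 10.88.233.101, Port : 8443
6432: NOT 14:46:38.002712 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from CTL file
6433: NOT 14:46:38.003515 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from ITL file
6445: ERR 14:46:38.014168 SECD: EROR:secErr_errStr: ** SEC-ERR: code:3(N/A) subcode:9(UNKNOWN_CERT)
6446: ERR 14:46:38.014843 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <HTTPS cert not in CTL>
6451: NOT 14:46:38.036612 SECD: clpDelClnt: closing conn to <10.88.233.101>, c:11, s:10
6455: NOT 14:46:38.042421 SECD: clpSetupSsl: HTTPS SSL/TLS req <10.88.233.101, TOS 0>
6462: NOT 14:46:38.048644 SECD: clpSetupSsl: Trying to connect to IPV4, IP: 10.88.233.101, Port : 8443
6468: NOT 14:46:38.066141 SECD: findByIssuerAndSerialAndRoleInTL: Searching TL from ITL file
6480: ERR 14:46:38.079529 SECD: EROR:secErr_errStr: ** SEC-ERR: code:3(N/A) subcode:9(UNKNOWN_CERT)
6481: ERR 14:46:38.080764 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <HTTPS cert not in CTL>
6483: NOT 14:46:38.164083 SECD: clpDelClnt: closing conn to <10.88.233.101>, c:12, s:10
"""

# "<seq>: <severity> <time> <process>: <message>"
LINE = re.compile(r"^\s*(\d+): (ERR|WRN|NOT) ([\d:.]+) ([\w-]+): (.*)$")
START = re.compile(r"HTTPS SSL/TLS req <([\d.]+),")
SEARCH = re.compile(r"Searching TL from (\w+) file")
FIELDS = {  # hypothetical field name -> pattern inside the SECD message
    "port": re.compile(r"Port : (\d+)"),
    "tls": re.compile(r"HTTPS, (TLSv[\d.]+), cert"),
    "client_cert": re.compile(r", cert (\w+), cipher"),
    "sec_err": re.compile(r"subcode:\d+\((\w+)\)"),
    "reason": re.compile(r"SEC-ERR: desc <([^>]*)>"),
}


def parse_attempts(text):
    """Group SECD lines into one record per HTTPS connection attempt."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(4) != "SECD":
            continue  # blank lines and other processes (JVM, CDP-D)
        ts, msg = m.group(3), m.group(5)
        if (start := START.search(msg)):
            cur = {"server": start.group(1), "start": ts, "searched": [],
                   **dict.fromkeys(FIELDS)}
            attempts.append(cur)
        elif cur is None:
            continue  # tail of an attempt that began before the capture
        elif "closing conn to" in msg:
            cur = None  # attempt finished
        else:
            tl = SEARCH.search(msg)
            if tl and tl.group(1) not in cur["searched"]:
                cur["searched"].append(tl.group(1))  # which trust lists were checked
            for name, pat in FIELDS.items():
                if (hit := pat.search(msg)):
                    cur[name] = hit.group(1)
    return attempts


def summarise(attempts):
    """Count attempts per (server, port, error, reason)."""
    return Counter((a["server"], a["port"], a["sec_err"], a["reason"]) for a in attempts)


if __name__ == "__main__":
    for key, n in summarise(parse_attempts(SAMPLE_LOG)).items():
        print(n, key)
```
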
