[cisco-voip] MRA Onboarding via activation code... phone trust list?

[Jonathan Charles]

On the phone, we see TLS connection failed... the E's cert is signed by
Let's Encrypt...

On the Expressway E we see some certificate exchange and then resets in the
connection...

MRA works fine for Jabber.... just 8845 Activation Code onboarding is
failing...


Jonathan

On Tue, Nov 9, 2021 at 5:57 PM Brian Meade <bmeade90 at vt.edu> wrote:

> What's the console logs show?
>
> The Expressway needs to be signed by one of the trusted CAs listed that
> are part of the phone firmware.
>
> The Expressway cert authenticates the phone with the MIC.
>
> Do you have activation code onboarding enabled under the MRA config on the
> Expressway-C?
>
> On Fri, Nov 5, 2021, 5:30 PM Jonathan Charles <jonvoip at gmail.com> wrote:
>
>> So, I set up activation code MRA for an 8845 (lab first)...
>>
>> Cloud onboarding worked, got an activation code, tried it out...
>>
>> Phone kicks back 'check internet connectivtity' and on the status on the
>> phone says:
>>
>> GDS Handshake Succeeded
>> A TLS connection failed...
>>
>> GDS is Cisco's cloud onboarding thingy.... I am assuming it didn't like
>> the TLS connection the expressway, but I don't see anything in the
>> Expressway logs...
>>
>> There is a bug and it says we need to load a Hydrant cert back into the
>> trust store...
>> https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt67257?rfs=iqvred
>>
>> But where do we need to load it? Tomcat Trust? On the Expressways? The
>> bug doesn't say... it needs to be pushed to the phone's trust list, how do
>> you do that?
>>
>>
>> Thanks!
>>
>> Jonathan
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20211111/1e782a6d/attachment.htm>