[cisco-voip] MRA Onboarding via activation code... phone trust list?
Jonathan Charles
jonvoip at gmail.com
Thu Nov 11 11:49:53 EST 2021
It is running 12.8... it has been locally reg'd before...
On Thu, Nov 11, 2021 at 10:44 AM Matthew Huff <mhuff at ox.com> wrote:
> In the lab, have you tried setting up the phone without MRA and get the
> firmware uploaded first? Depending on how old the firmware is, you may have
> issues with onboarding. Our 8861 wouldn’t onboard until at least 12.5.
>
>
>
> *Matthew Huff* | Director of Technical Operations | OTA Management LLC
>
>
>
> *Office: 914-460-4039*
>
> *mhuff at ox.com <mhuff at ox.com> | **www.ox.com <http://www.ox.com>*
>
>
> *...........................................................................................................................................*
>
>
>
> *From:* cisco-voip <cisco-voip-bounces at puck.nether.net> *On Behalf Of *Jonathan
> Charles
> *Sent:* Thursday, November 11, 2021 11:10 AM
> *To:* Brian Meade <bmeade90 at vt.edu>
> *Cc:* cisco-voip voyp list <cisco-voip at puck.nether.net>
> *Subject:* Re: [cisco-voip] MRA Onboarding via activation code... phone
> trust list?
>
>
>
> On the phone, we see TLS connection failed... the E's cert is signed by
> Let's Encrypt...
>
>
>
> On the Expressway E we see some certificate exchange and then resets in
> the connection...
>
>
>
> MRA works fine for Jabber.... just 8845 Activation Code onboarding is
> failing...
>
>
>
>
>
> Jonathan
>
>
>
> On Tue, Nov 9, 2021 at 5:57 PM Brian Meade <bmeade90 at vt.edu> wrote:
>
> What's the console logs show?
>
>
>
> The Expressway needs to be signed by one of the trusted CAs listed that
> are part of the phone firmware.
>
>
>
> The Expressway cert authenticates the phone with the MIC.
>
>
>
> Do you have activation code onboarding enabled under the MRA config on the
> Expressway-C?
>
>
>
> On Fri, Nov 5, 2021, 5:30 PM Jonathan Charles <jonvoip at gmail.com> wrote:
>
> So, I set up activation code MRA for an 8845 (lab first)...
>
>
>
> Cloud onboarding worked, got an activation code, tried it out...
>
>
>
> Phone kicks back 'check internet connectivtity' and on the status on the
> phone says:
>
>
>
> GDS Handshake Succeeded
>
> A TLS connection failed...
>
>
>
> GDS is Cisco's cloud onboarding thingy.... I am assuming it didn't like
> the TLS connection the expressway, but I don't see anything in the
> Expressway logs...
>
>
>
> There is a bug and it says we need to load a Hydrant cert back into the
> trust store...
>
> https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt67257?rfs=iqvred
>
>
>
> But where do we need to load it? Tomcat Trust? On the Expressways? The bug
> doesn't say... it needs to be pushed to the phone's trust list, how do you
> do that?
>
>
>
>
>
> Thanks!
>
>
>
> Jonathan
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20211111/d12025ca/attachment.htm>
More information about the cisco-voip
mailing list