<div dir="ltr"><div>Hi Jason</div><div> </div><div>thanks for your Input. I have set an email address to get a notification if a certificate expires.</div><div>I have also checked all the certificates and they are valid at least until 2015. (<span>CAPF</span>.<span>pem</span> <span>ist</span> valid until May 5 22:00:41 2015 GMT)</div>
<div> </div><div>Any other ideas?</div><div> </div><div>Thanks</div><div><span>Reto</span></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/2/7 Jason Burns <span dir="ltr"><<a href="mailto:burns.jason@gmail.com" target="_blank">burns.jason@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Reto and Chris,<br><br></div>I wonder how long this cluster has been installed and using security. The CAPF certificates and LSC Certificates have a lifetime of 5 years from the date of generation. It could be possible that these certificates (Either CAPF or the individual LSC certificates) have expired.<br>
<br></div>I would check the OS Administration page under Security > Certificates and view the validity period of the CAPF.pem certificate. Also, now would be a good time to go into OS Admin > Security > Certificate Monitor and configure a valid email address so you can be emailed for future certificate expiration. Keep in mind that this means you'll need to enter a valid SMTP server under OS Admin > Settings > SMTP<br>
<br></div><div>Even if I'm wrong hopefully you got some good info ;)<br></div><div><br></div>-Jason<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Feb 7, 2013 at 9:53 AM, Chris Ward (chrward) <span dir="ltr"><<a href="mailto:chrward@cisco.com" target="_blank">chrward@cisco.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div lang="EN-US" vlink="purple" link="blue">
<div>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">What is the model and firmware version of the phones facing this issue? Is it all phones or just a subset?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">+Chris<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">Unity Connection TME<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-family:"Tahoma","sans-serif";font-size:10pt">From:</span></b><span style="font-family:"Tahoma","sans-serif";font-size:10pt"> <a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>Reto Gassmann<br>
<b>Sent:</b> Thursday, February 07, 2013 9:45 AM<br>
<b>To:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> [cisco-voip] TLS Error on Phone after reset<u></u><u></u></span></p><div><div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Hello group<br>
<br>
we have a problem with our phones that started this afternoon. If a phone restarts for any reason (reset oder network unplugged) it shows a TLS Error (TLS Error: [CUCM IP]).<u></u><u></u></p>
</div>
<p class="MsoNormal">We can fix the problem, when we go to the device in the CUCM Administration and choose Install/Upgrade in the CAPF Information section.<br>
After resetting the Device the IPPhone starts and updates the certificate. <u></u>
<u></u></p>
</div>
<p class="MsoNormal" style="margin-bottom:12pt"><br>
What could cause such a behaviour and how could we fix it?<u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-bottom:12pt">We have a CUCM 7.1(3a) and have the phones authenticated.<u></u><u></u></p>
</div>
<p class="MsoNormal">Thanks Reto<u></u><u></u></p>
</div>
</div></div></div>
</div>
<br>_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>