Guest

Preview Tool

Cisco Bug: CSCup94684 - LSC phone certificates does not contain AIA and CDP attributes

Last Modified

Jul 11, 2018

Products (1)

  • Cisco Unified PhoneProxy

Known Affected Releases

1.0(0)

Description (partial)

Symptom:
LSC phone certificates does not contain two attributes:

1)      There is no CDP extension (CRL distribution point)
2)      There is no AIA extension (Authority Information Access)

Where as MIC contains the above attributes.

As per Microsoft, they also need a subject alternative name in LSC.

Conditions:
These 2 attributes are required for ip phone LSC if we use Mircosoft NPS server. Because of this attributes are missing, ip phone with a 802.1x enabled port may not register with CUCM. Microsoft NPS will reject this request.

NPS might give the following error:

(Reason code 293):

Authentication failed. The certificate provided by the connecting user or computer is not valid because it is not configured with the Client Authentication purpose in Application Policies or Enhanced Key Usage (EKU) extensions. NPS rejected the connection request for this reason.

http://technet.microsoft.com/de-de/library/dd197508%28v=ws.10%29.aspx
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.