Preview Tool

Cisco Bug: CSCur00741 - Enforce checking of CertSign bit for CAPF certificate

Last Modified

Nov 27, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases


Description (partial)

If you upload a 3rd party CA signed CAPF certificate without the Certificate Sign bit checked, phones will not register if they have a Secure Profile assigned to them.

The issue is that CAPF certificate that is signed by CA does not have the "Certificate Sign" bit set in the key usage field.
Below is the extract:
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
For a self signed certs the key usage field would be as below:
        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature, Key Encipherment, Certificate Sign

Related Community Discussions

<key>CSCur00741</key> - Enforce checking of CertSign bit for CAPF certificate
Does anyone know how to do this using the MS CA? My google search was not productive.
Latest activity: Apr 12, 2018
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.