Guest

Preview Tool

Cisco Bug: CSCur85534 - SIP Trunk shows status 'Full Service' when X.509 Subject Name is invalid

Last Modified

Jul 24, 2017

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.0(1.13013.1) 10.5(2.10000.2)

Description (partial)

Symptom:
SIP Trunks with TLS enabled show Trunk is In Service, even if the X.509 subject name do not match the SIP Trunk security profile.
Calls made to this trunk do indeed fail with TLS negotiation error but no error is provided regarding the trunk status on the CUCM trunks page.

Conditions:
Create a secure(encrypted) SIP trunk to a device like Conductor or VCS and in the trunk security profile do not enter the X.509 subject name based on the device certificate. When you create this trunk with OPTIONS ping enabled, it is seen the CUCM shows the status of this trunk to be up/full service.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.