Guest

Preview Tool

Cisco Bug: CSCvt74089 - Expressway Allows Uploading Of A Certificate Bundle to Server Certificate Page

Last Modified

Sep 18, 2020

Products (3)

  • Cisco TelePresence Video Communication Server (VCS)
  • Cisco TelePresence Video Communication Server Model
  • Cisco Expressway

Known Affected Releases

X12.5 X12.5.1 X12.5.2 X12.5.3 X12.5.4

Description (partial)

Symptom:
The Expresssway servers are deployed and have CA and Intermediate Certificates uploaded to the Trust CA Store.  Then the administrator uploads a certificate bundle to the Server Certificate of the Expressways.  There is no error reported for this upload.

This will lead to SIP registration failure for MRA devices.

Conditions:
While the certificates are stored in this manner the users Register SIP message cannot be authenticated by the 407 Proxy request showing the error:  

2020-04-06T15:16:16.070-04:00 vcse1 tvcs: Event="Authentication Failed" Service="SIP" Src-ip="<Users Pubic IP for Jabber>" Src-port="57665" Detail="No valid authentication" Protocol="TLS" Method="REGISTER" Level="1" UTCTime="2020-04-06 19:16:16,069"
2020-04-06T15:16:16.070-04:00 vcse1 tvcs: UTCTime="2020-04-06 19:16:16,069" Module="developer.sip.identity" Level="ERROR" CodeLocation="ppcmains/sip/sipidentity/signature/SipIdentitySignature.cpp(211)" Method="sipidentity::verifySignedIdentityDigest" Thread="0x7fe54bd78700":  Detail="Error verifying digest" openssl="error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length"
2020-04-06T15:16:16.070-04:00 vcse1 tvcs: UTCTime="2020-04-06 19:16:16,069" Module="developer.sipservice.status" Level="INFO" CodeLocation="ppcmains/oak/sipservice/common/SipServiceStatus.cpp(402)" Method="SipServiceStatus::getDomain" Thread="0x7fe54bd78700":  Detail="Unknown domain" Domain="<ip-address of the CUCM>"
2020-04-06T15:16:16.070-04:00 vcse1 tvcs: UTCTime="2020-04-06 19:16:16,069" Module="developer.sipservice.status" Level="INFO" CodeLocation="ppcmains/oak/sipservice/common/SipServiceStatus.cpp(402)" Method="SipServiceStatus::getDomain" Thread="0x7fe54bd78700":  Detail="Unknown domain" Domain="<ip-address of the CUCM>"
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.