Cisco Bug: CSCvu00084 - 88X1 and 88X5 phone can't verify VPN server's issuer cerficiate, so VPN connection fails
Jul 14, 2020
- Cisco IP Phone 8800 Series
Known Affected Releases
Symptom: Phone model: 88x1, 88x5 Phone load: sip88xx.12-8-1-0001-445 Conditions: Reproduced steps: (1) Upload VPN server issuer certificate to UCM, not VPN server own certiciate (2) Register phone with UCM on LAN, then get VPN configuration. (3) Change phone to WAN, then phone will try to connect with VPN server. (4) Then start TLS handshake, VPN server sends its certificate to phone. (5) Phone can't verify VPN server certificate, even it has VPN server issuer certificate. (6) VPN connection will fail Problem: (1) If upload VPN server own certificate to UCM, it will be ok. (2) However it doesn't conformity to PKI specifications. (3) If VPN server changed, I must upload new VPN server certificate to UCM again, even though VPN servers issuer not changed.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases