Guest

Preview Tool

Cisco Bug: CSCvu00084 - 88X1 and 88X5 phone can't verify VPN server's issuer cerficiate, so VPN connection fails

Last Modified

Jul 14, 2020

Products (1)

  • Cisco IP Phone 8800 Series

Known Affected Releases

12.8(1)

Description (partial)

Symptom:
Phone model: 88x1, 88x5
Phone load: sip88xx.12-8-1-0001-445

Conditions:
Reproduced steps:
(1) Upload VPN server issuer certificate to UCM, not VPN server own certiciate
(2) Register phone with UCM on LAN, then get VPN configuration.
(3) Change phone to WAN, then phone will try to connect with VPN server.
(4) Then start TLS handshake, VPN server sends its certificate to phone.
(5) Phone can't verify VPN server certificate, even it has VPN server issuer certificate.
(6) VPN connection will fail

Problem:
(1) If upload VPN server own certificate to UCM, it will be ok.
(2) However it doesn't conformity to PKI specifications.
(3) If VPN server changed, I must upload new VPN server certificate to UCM again, even though VPN servers issuer not changed.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.