Cisco Unified IP Phone Security Problems

The following sections provide troubleshooting information for the security features on the Cisco Unified IP Phone. 

 

CTL File Problems

The following sections describe problems with the CTL file:

 

Authentication Error, Phone Cannot Authenticate CTL File

 

Problem
A device authentication error occurs.
 
Cause
CTL file does not have a Cisco Unified Communications Manager certificate or has an incorrect certificate.
 
Solution

Install a correct certificate.

 

Phone Cannot Authenticate CTL File

 

Problem
Phone cannot authenticate the CTL file.
 
Cause
The security token that signed the updated CTL file does not exist in the CTL file on the phone.
 
Solution

Change the security token in the CTL file and install the new file on the phone.

 

CTL File Authenticates but Other Configuration Files Do Not Authenticate

 

Problem
Phone cannot authenticate any configuration files other than the CTL file.
 
Cause
A bad TFTP record exists, or the configuration file may not be signed by the corresponding certificate in the phone Trust List.
 
Solution

Check the TFTP record and the certificate in the Trust List.

 

ITL File Authenticates but Other Configuration Files Do Not Authenticate

 

Problem
Phone cannot authenticate any configuration files other than the ITL file.
 
Cause
The configuration file may not be signed by the corresponding certificate in the phone Trust List.
 
Solution

Re-sign the configuration file by using the correct certificate.

 

Phone Does Not Register

 

Problem
Phone does not register with Cisco Unified Communications Manager.
 
Cause
The CTL file does not contain the correct information for the Cisco Unified Communications Manager server.
 
Solution

Change the Cisco Unified Communications Manager server information in the CTL file.

 

Signed Configuration Files Are Not Requested

 

Problem
Phone does not request signed configuration files.
 
Cause
The CTL file does not contain any TFTP entries with certificates.
 
Solution

Configure TFTP entries with certificates in the CTL file.