In this troubleshooting article, we present various issues, difficulties, and nuances of employing certificates on the Sonus SBC 1000/2000. Each of the instances is accompanied by an investigation path to assist in remedying the issue.
- Certificate Errors from the Sonus SBC 1000/2000 Log
- Certificate Not Trusted
- Certificate and Private Key Do Not Match
- Failed to authenticate (Server) certificate due to bad encoding format, certificate contents or signature mis-match
- Connection Refused for Invites or Sonus SBC 1000/2000 does not transmit Options (TG down)
- Error Opening My Certificate File
- Certificate Is Not Yet Valid
- Unable To Get Local Issuer Certificate
- Configured and Expected host FQDN does not match peer certificate Common Name
- SSL Hello Fails
- Server Disconnects TLS negotiation
- Possible incompatible Wave14 Releases (SBA=7306, Sonus SBC 1000/2000=v140/7457)
- Failure to automatically import the single base64 encoded file containing bundled certificates
Certificate Errors from the Sonus SBC 1000/2000 Log
Exchange Log Error: Target name in the certificate is incorrect
The Unified Messaging server was unable to exchange the required certificates to enable Transport Layer Security (TLS) with an IP gateway. More information: "A TLS failure occurred because the target name that was specified in the certificate is incorrect. The error code was "1" and the message was "Incorrect function".
This is caused by some type of FQDN issue on Exchange:
- Ping the Sonus SBC 1000/2000 from Exchange using the Sonus SBC 1000/2000's FQDN
- Verify the Exchange GW configuration is set for FQDN, not IP.
- Reboot the Exchange Server
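The name comparison behind the first two checks, as an added example (not Sonus or Microsoft code): it reports whether the gateway address configured on the peer is an IP literal and whether it matches the certificate's Common Name or a DNS Subject Alternative Name. The function names, the host names and the sample certificate are constructed for illustration; the certificate dict uses the shape returned by Python's ssl.SSLSocket.getpeercert().

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "sbc1.example.test"),),),
    "subjectAltName": (("DNS", "sbc1.example.test"),
                       ("DNS", "*.voice.example.test")),
}

def cert_names(cert):
    """Return (common_names, dns_sans) found in the certificate dict."""
    cns = [v for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cns, sans

def name_matches(pattern, host):
    """Case-insensitive compare; '*' may only stand for the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def check_target_name(configured, cert):
    """Diagnose the gateway address configured on the peer (hypothetical helper)."""
    try:
        ipaddress.ip_address(configured)
        is_ip = True          # an IP literal can never equal a DNS name in the cert
    except ValueError:
        is_ip = False
    cns, sans = cert_names(cert)
    return {
        "configured_as_ip": is_ip,
        "matches_cn": any(name_matches(n, configured) for n in cns),
        "matches_san": any(name_matches(n, configured) for n in sans),
    }

if __name__ == "__main__":
    for target in ("sbc1.example.test", "10.0.0.5", "sbc1"):
        print(target, check_target_name(target, SAMPLE_CERT))
```
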
X509 Certificate Error Messages
An exhaustive list of the error codes and messages is shown below; this also includes the name of the error code as defined in the header file x509_vfy.h. Some of the error codes are defined but never returned: these are described as "unused".
0 X509_V_OK: ok
the operation was successful.