topic Re: Jabber 14 getting invalid and expired cert warning CUPS 12.5 in Collaboration Applications

Jabber 14 getting invalid and expired cert warning CUPS 12.5

iverson.justin — Thu, 27 Oct 2022 03:14:21 GMT

Getting invalid and expired cert warnings for CUPS servers. PUB shows expired and SUB shows invalid. CUP-XMPP & Tomcat have valid enterprise certs, nodes have been both completely restarted. My SUB is new and CUPS sub is still offering the self-signed cert, my PUB is still offering the expired cert from 30 days go. Deleted and uploaded certs plus restarted cluster, still getting errors on Jabber. TAC is looking but taking bit.

Re: Jabber 14 getting invalid and expired cert warning CUPS 12.5

Nithin Eluvathingal — Thu, 27 Oct 2022 04:27:14 GMT

Thump Rule renew expired certificates and restart the related services.

Have you done this ?

Re: Jabber 14 getting invalid and expired cert warning CUPS 12.5

iverson.justin — Thu, 27 Oct 2022 05:06:07 GMT

Yes, restarted all services several times. Same results.

Re: Jabber 14 getting invalid and expired cert warning CUPS 12.5

Roger Kallberg — Thu, 27 Oct 2022 05:36:30 GMT

Can you please share screenshots from your servers from the certificate management page?

Re: Jabber 14 getting invalid and expired cert warning CUPS 12.5

iverson.justin — Wed, 02 Nov 2022 04:35:47 GMT

Screen shot of cup-xmpp cert, Jabber client is still presenting the self signed IMP cert even though I replaced cup-xmpp with enterprise CA-signed cert. Getting no where with TAC, they say its bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb89326

Jabber client cert is pulling:

Re: Jabber 14 getting invalid and expired cert warning CUPS 12.5

Roger Kallberg — Wed, 02 Nov 2022 06:00:10 GMT

Really hard to see anything on the certificate screenshot, will check again from a computer when I get to work. On the bug, if you’re truly hitting that defect TAC should be able to help you with removal of the stuck certificate(s) from their root access.

Re: Jabber 14 getting invalid and expired cert warning CUPS 12.5

Nithin Eluvathingal — Wed, 02 Nov 2022 06:08:27 GMT

Have you restarted the services and server after uploading the CA signed certificates ?

If you are hit with the BUG TAC could be able to Fix it .

Re: Jabber 14 getting invalid and expired cert warning CUPS 12.5

iverson.justin — Sun, 11 Dec 2022 19:22:42 GMT

TAC resolved with root access and had to remove bad cert twice. BUG CSCwa01599

Problem Description

Presence 14.0.1

Publisher node seemed to have a known defect (CSCwa01599) but the workaround was applied without success. The old expired certificate was still being presented.

Summary

We thoroughly checked all locations for the certificate including database and file system. We confirmed that the new certificate was present for all locations mentioned. however, the problem was a backup copy of the xmpp.pem file located in the same directory of /usr/local/xcp/certs/xmpp/. This backup file was being presented to jabber even though it was named xmpp.pem_orig, which was the old, expired certificate. So simply deleting this file from the server followed by the same service restarts for Cisco XCP Connection Manager and Cisco XCP Router resolved the issue.