Adding the CUCM web page to compatibility view worked until the latest Microsoft updates were applied last week. Since then, it's not possible to use the CUCM web GUI any more. "The page cannot be displayed" is shown. We are using Windows 7 with IE 11.
We think it has to do with the CUCM certificate which is SHA1 (SHA-128) coded and the browser which is blocking old certificates.
Is there a possibility to recreate the CUCM certificate as SHA2 (SHA-256)?
I am having the same issue with CUCM 8.5, we are using Windows 7 and IE 11. The only workaround we have found is to go into Internet Options / Advanced and remove all the Use TLS settings and add the Use SSL. This allows us to access the CUCM web GUI.
Not a fix but at least you can access your system.
This workaround is working for us, too.
Nevertheless, I think Cisco should illustrate a solution to recreate the self-signed CUCM certificate as a SHA2 certificate. This would be a real solution.
So is this with just Call Manager SHA1 certificates being blocked by IE 11? I have a similar Linux server with a SHA1 certificate which I had no problem accessing via web GUI with IE 11. Can someone confirm if this is in fact SHA1 certificates being blocked?
We also have other servers with web front ends and SHA1 certificates, which are working as usual. The little difference is that these certificates are all 1024-bit signed.
The CUCM SHA1 certificate is 2048-bit signed. I don't know what "feature" Microsoft has built into their IEs with the last updates to generate this behavior.
Seems like this bug is only affecting Windows 7 and its previous versions like XP. Windows 8 users are fine with SHA1. TAC said the only workaround is to use IE 6 to 10. I'm going to test out SHA2 with IE 11 in my lab and see if that would fix it. Thanks
Ha ha, TAC is making jokes. The only IE version which is officially supported for Windows 7 since the beginning of this year is IE11!!
This statement is synonymous with "Don't use Windows 7 to administrate CUCM" or "Buy a newer Windows version to administrate CUCM".
Of course you can install an older version but you get no more security updates and some homepages don't work if you have installed an older IE version.
The problem for us is especially that the user option page isn't working either.
We would plan an upgrade to CUCM 10.5 to bypass the issue; we already have a 10.5 CUCM cluster and it also works with IE11, but with self-signed certificates.
We are having the same issue - were you able to resolve this - can we create a SHA-2 cert? I followed chrisdaniels' tips and it works but it breaks a lot of other secured sites.
At the moment our workaround consists of changing the IE option to SSLv3 when working with CUCM and changing it back to TLS when we've finished. Not very satisfying. I'm waiting for the test results from Mase4g638 concerning the SHA2 cert.
Uploading the SHA2 cert did not fix it. It's only working with the workaround. We opted to use Chrome because we can't do the workaround in our environment.
Thanks for the update
With Chrome though it doesn’t work properly – i.e. the menu buttons don’t work when clicking on them - is there a particular version only supported?
You're right, not all buttons are working. I have Chrome 53.0.2785.101. Does anyone know how to change the compatibility view settings on this Chrome to work just like the previous IE?
Firefox 45.3.0 does work but you have to disable security.ssl3.dhe_rsa_aes_128_sha in about:config.