cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4357
Views
5
Helpful
20
Replies
Beginner

CSCuq99941 - CUCM web interface does not work with internet explorer 11.

Add web page to compatibility view in IE 11. This has worked for me when I've had the same issue, version 9.1(2) of CUCM.

20 REPLIES 20
Beginner

Adding CUCM web page to

Adding CUCM web page to compatibility view has worked till the latest microsoft updates has been applied last week. Since then, it's not possible to use the CUCM web gui any more. "The page cannot be displayed" is shown. We are using Windows 7 with IE 11.

We think it has to do with the CUCM certificate which is SHA1 (SHA-128) coded and the browser which is blocking old certificates.

Is there a possibility to recreate the CUCM certificate as SHA2 (SHA-256)? 

Beginner

I am having the same issue

I am having the same issue with CUCM 8.5, we are using Windows 7 and IE 11. The only work around we have found it to go into internet options/ advanced and remove all the Use TLS settings and add the Use SSL. This allows us to access the CUCM web gui.

Not a fix but at least you can access your system.

Beginner

This Workaround is working

This Workaround is working for us, too.

Nevertheless I think, Cisco should illustrate a solution to recreate the selfsigned CUCM certificate as SHA2 certificate. This would be a real solution.

Beginner

So is this with just Call

So is this with just Call Manager SHA1 certificates being blocked by IE 11? I have a similar linux server with SHA1 certificate which I had no problem accessing via web gui with IE 11.  Can someone confirm if this is in fact SHA1 certificates being blocked? 

Thanks,

Mason

Beginner

We also have other servers

We also have other servers with web front-Ends and SHA1 certificates, which are working as usual. The little difference is, that these certificates are all 1024-bit signed.

The CUCM SHA1 certificate is 2048-bit signed. I don't know what "feature" Microsoft has build in their IEs with the last updates to generate this behavior. 

Beginner

Seems like this bug is only

Seems like this bug is only affecting Windows 7 and its previous version like xp.  Windows 8 users are fine with SHA1.  TAC said the only workaround is to use IE 6 to 10.  I'm going to test out SHA2 with IE 11 in my lab and see if that would fix it. Thanks

Beginner

Ha ha, TAC is making jokes.

Ha ha, TAC is making jokes. The only IE version which is officially supported for Windows 7 since beginning of this year is IE11!!

This statement is synonymous with "Don't use Windows 7 to administrate CUCM" or "Buy a newer Windows Version to administrate CUCM".

Of course you can install an older Version but you get no more security updates and some homepages don't work if you have installed an older IE version.

Highlighted
Beginner

Hi!

Hi!

The problem for us is especially that the user option page isn't working too.

We would plan an upgrade to CUCM 10.5 to bypass the issue, we have already a 10.5 CUCM cluster an it works also with IE11, but with self-signed certificates.

Beginner

Hi

Hi

We having the same issue - was you able to resolve this - can we create SHA-2 cert.  I followed chrisdaniels tips and it works but it breaks a lot of other secured sites.

Thanks

Beginner

Good Morning,

Good Morning,

at the Moment our Workaround consists of changing the IE Option to sslv3 when working with CUCM and changing it back to tls when we've finished. Not very satisfying. I'm waiting for the test results from Mase4g638 concerning the SHA2 cert.

Beginner

Uploading the SHA2 cert did

Uploading the SHA2 cert did not fix it.  It's only working with the Workaround.  We opted to use Chrome because we can't do the Workaround in our environment.

Beginner

Thanks for the update

Thanks for the update

 

With Chrome though it doesn’t work properly – i.e. the menu buttons don’t work when clicking on them - is there a particular version only supported

Beginner

You're right, not all buttons

You're right, not all buttons are working.  I have Chrome 53.0.2785.101.  Does anyone know how to change the compatibility view settings on this Chrome to work just like the previous IE? 

Firefox 45.3.0 does work but you have to disable security.ssl3.dhe_rsa_aes_128_sha in about:config.

Beginner

I have opened a TAC with

I have opened a TAC with Cisco. Cisco cannot expect us to work like this - I will post the outcome of this discussion as soon as I know more.
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards