Solved: Certifcation enrollment to J4W Clients

j-lehmann · ‎02-27-2014

Hello,

we want to avoid that the clients click x times yes if jabber starts thes first time.

I read we can deploy the CUCM / CUC / IM&P Self Sign Cert via GPO. We try this but we run in a problem.

We do the following.

Accept on one Jabber client all Cert messages.

Export the cert via certmgr.msc on the client. If we import the Cert via AD GPO under Enterprise Trust on our WIN2008R2 Domain Server we got an error that some objekts meet not the criteria to use it with that program. If we import the Certs direct on other clients, it works. But htis can not be the solution that each client have to import it allone.

Have some one the same problem in the past and have a solution?

In addional we export also the Cert on the CUCM / CUC /IM+P itself and have the same problem if we import it on the WIN2008 Server AD.

Thx for Help

Joerg

rbirk · ‎03-04-2014

Hi Joerg,

This is what we used on Jabber 9.2.6:

msiexec.exe /i \\%path%\CiscoJabberSetup.msi CLEAR=1 TYPE=CUP CERTIFICATE_VALIDATION=DISABLE

Worked fine for us. No documentation on this that I am aware of, just something we found out with a little digging.

Ultimately we will put public certificates on our CUCM environment, but this was a good workaround until we can get that done.

Ron

View solution in original post

rbirk · ‎02-27-2014

If you run the install msi with "CERTIFICATE_VALIDATION=DISABLE" the client won't throw cert errors for the self-signed certificates.

j-lehmann · ‎02-28-2014

Hi,

my IT Team told me that is not working. Is there a doc where I can find more infos?

Thx