Certificates not working

mterruso · ‎11-10-2013

I have added godaddy certificates to the CUP, CUCM and Unity Servers. All are installed correctly because TAC installed them for me. The https web pages respond properly on all servers and even the Jabber for MAC clients no longer prompt for certificates however the Jabber for PC clients still do not recognize the certficates. I have verified that the certificates are being presented to the clients and are valid in addition I have verified the host name matches and the root and intermediate certificates are installed on the servers.

Jabber for MAC version: 9.2.1 147214

Jabber for PC version: 9.2.6 12639

CUP Server Version 8.6.2 10000

All the latest versions.

Any ideas...

Jasmeet Sandhu · ‎11-10-2013

Hey Michael,

Was this process followed to generate the cup-xmpp cert:

Provide XMPP Domain to Clients:

http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_2_5/JABW_BK_CAAD3F25_00_cisco-jabber-for-windows-release-notes_chapter_011.html#CJAB_TK_U9438C1B_00

Step 1	Open the administration interface for your presence server, as follows: Cisco Unified Communications Manager IM and Presence Open the Cisco Unified CM IM and Presence Administration interface. Cisco Unified Presence Open the Cisco Unified Presence Administration interface.
Step 2	Select System > Security > Settings.
Step 3	Locate the XMPP Certificate Settings section.
Step 4	Specify the presence server domain in the following field: Domain name for XMPP Server-to-Server Certificate Subject Alternative Name.
Step 5	Select the following checkbox: Use Domain Name for XMPP Certificate Subject Alternative Name.
Step 6	Select Save.

Best Regards,

Jas

mterruso · ‎11-10-2013

We did but then after regenerating the cup-xmpp CSR and rekeying the certificate we receive an error stating that the subject CN does not match. This should not be needed. The MAC clients work fine. The PC clients do not.