Please check that the Root CA

yeruel77 · ‎07-21-2017

Hi Team,

Recently I have migrated certificate Win server 2012 to 2016. it was integrated with CUCM, Expressway E and C, IMP. server act as internal DNS and Certficate server. But after migrated, the jabber got problem as "Revocation information for the security certficate for this site is not available. do you want to proceed?" and Phone services also disabled after login. Only IMP and voicemail servers are works fine on Jabber. What shall I do then?

Please any consult. I thought that I should install certficate server as new in 2016, then generated certficates for each CUCM , EXp E and C then upload again. Right way?

here is attached.

Slavik Bialik · ‎07-22-2017

Please check that the Root CA that is installed on your CUCM equals to the Root CA that is on your Certificate Authority server. Maybe when you migrated from 2012 to 2016, from some reason it re-generated your certificates. Maybe try to sign again the CUCM's CSR, upload it and restart Tomcat services.

Alok Jaiswal · ‎07-22-2017

Are you hitting this error while login internally or externally ? Because when you login externally the certificate which will be presented to Jabber is of Exp-E which should normally be signed by an public CA.

If you are trying to login internally then the certificate presented will be the one uploaded on CUCM and IMP node.

Checking of public key certificates is done using three methods:

Certificate Discovery
Path validation
Revocation checking

https://technet.microsoft.com/en-us/library/cc700843.aspx#XSLTsection126121120120

You can disable the certificate revocation under IE advanced setting, however that's not the fix, because its obviously a security issue and then we can't do this on all the PC.

Verify the under the certificate you have CRL URL present, something like this.

Regards,

Alok

Cisco Jabber certificate alert after login