Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
940
Views
0
Helpful
4
Replies

Instant Messaging and Presence Server Certificate Issue with Jabber Client

chancalvin
Level 1
Level 1

‎12-17-2014 10:28 AM - edited ‎03-17-2019 04:44 PM

Hey guys,

I have a 1 pub/1 sub IMP cluster that is 9.1.1.31900-1.

Jabber client is 10.5.

CA is in house and root certs and host certs are verified to be correct over a show web-security. As well, when I browse to the FQDN of the 2 servers i no longer get cert warnings.

Issue is when a new Jabber Client is deployed, and you look at it's certification path, it fails to find the root properly and does not create the chain. And so you still get the cert warning.

I have an ongoing TAC case, but still not resolved. The last thing we did was change the IMP server names from ip address to the FQDN.

But still getting cert errors.

So weird thing is, via web it is able to verify the cert. But Jabber cannot when contacting the server directly?

Ive attached a screenshot of this helps.

 

Anyone run into this before?

 

Labels:
Preview file
86 KB
0 Helpful
4 Replies 4

Dennis Mink
VIP Alumni
VIP Alumni

‎12-17-2014 03:38 PM

So the hostname of the presence server that Jabber connects to is the same as the Subject name in the cert that you are issueing?

 

 

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

chancalvin
Level 1
Level 1
In response to Dennis Mink

‎12-17-2014 03:52 PM

Yes Dennis, that is correct.

0 Helpful

Jason Aarons
Level 6
Level 6

‎12-17-2014 05:21 PM

All CUCM servers need to be FQDN with 10.5 as well with UDS.  Have you tried pull a Jabber Problem Report (JPRT) and look at the unified.log file and see it helps.

 

Did Tomcat on everything and the cup-xmpp get signed?  Did you upload the self Root and Intermediate to the servers?

 

Are you sure the Root CA is in the Enterprise Trust on the OS?

0 Helpful

Nagajothi Thangapandian
Level 1
Level 1

‎12-18-2014 05:11 AM

Hi Calvin,

Check on below things:

1. Both CUCM and Im&P has CA's root certificate uploaded

2. CUCM has tomcat signed cetificate uplaoded

3. Im&P has tomcat and cup-xmpp signed certificates uploaded

4.CUCM has system -- server configured as either hostname or FQDN but not IP address

5. Im&P cluster topology has servers configured as FQDN (strictly FQDN)

6. Every configuration steps which involves CUCM or Im&P for jabber should also be in FQDN

Regards

 

 

0 Helpful
Customers Also Viewed These Support Documents