02-18-2014 04:53 PM - edited 03-17-2019 03:57 PM
Hello,
I have deployed 2 Cisco IM & P servers 9.1.1. When client jabber log in, the server presents 3 certificates (IM&P Pub, IM&P Sub, CUCM) to be validated and saved in local trust store.
What are the certificates that I have to sign against the Private CA ? Or Do I only upload Root CA of the company into IM&P servers ?
02-19-2014 04:10 PM
Hi Driss,
Per my understanding the certificates that are presented are the Tomcat self-signed Certificates that are created during CUPS Pub&Sub and CUCM installation.
Here I see you have 3 options:
a) Complex: Install thirdparty certs in your CUCM/CUPS servers, those certs should be issued by a Certificate Authority which root certificate is already part of your Truststore in Mobile client (Example: Verisign, Godaddy, etc.)
This process in CUCM/CUPS has been there for a while, you can look up how to install third party certs for CUCM/CUPS. Process is very straight forward, you generate a CSR (Tomcat), provide the CSR to your CA and then obtain the new cert, once you have the new cert, import it to your CUCM. The CA must be a trusted one by your clients (Example: Verisign, Godaddy, etc)
b) Simple: Import those default Tomcat CUCM/CUP self-signed certificates into your Desktops/Mobile clients trust store.
c) Annoying: Educate users to select Accept certificates
-Gonzalo
02-20-2014 03:13 PM
Hi Gonzalo,
Thank you for your reply. I'm trying to execute the first action plan. But, I'm facing some issues that I'm trying to resolve with TAC. Once finished, I will update the post.
Thanks
Driss
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide