Has anyone tried configuring Jabber to Unity Connection voicemail to be secure with SSL?
The server was rebooted also.
Tried Jabber 11.8 and 11.9 beta client, no difference.
The tomcat certificate is from CA and is working as the web pages are secured with that and no prompt for the certificate when using web page.
This is using WebEx messenger for the setup of Jabber, not
We are trying to secure jabber and voicemail notifications.
Port 7080 is used for HTTP (Plaintext) and port 7443 is used for HTTPS for this function.
See the documentation below outlining the ports used for Jabber, both on-premise and cloud
There is a cisco unity document listing same ports.
Can you try enabling the option below option on unity connection
Navigate to System settings --> advance --> API settings and enable " Allow Access to Secure Message Recordings through CUMI"
I had the same issue.
And found out, that you have to enable SSL on the Jetty Service.
Login to your CUC on the CLI and check the Jetty SSL Status with:
show cuc jetty ssl Status
If it is disabled, you can enable it with:
utils cuc jetty ssl enable
Then you have to restart the Jetty Service and then - Magic - Jabber is using Port 7443.
Be Aware of the Bugs in Jabber 11.8.0!
Jabber certificate prompt for CA-signed certificate when using Secure Jetty.
This doesn't seem to be well documented anywhere that I can find. The security guide mentions the word "Jetty" with no further commentary, and the IP communications port guide shows 7080 for Exchange / Jetty EWS notifications, but it neglects to include port 7443.
You can see under wireshark that Jabber will attempt to connect to this port (7080) and be reset - not sure why it falls back to this port when 7443 is not available. This causes it to repeatedly connect/disconnect with an increasing backoff timer until the voicemail is not usable in the client.
In my case 7443 was not open through the server firewall from our clients, but it will be opened soon and I'll test again.
I noted also that the bug that is pointed out in this thread is resolved in 11.8.4 J4W. Based on the logging it wants to prompt for a SSC but it accepts the cert, possibly because I already have accepted it. Pressing "Reset Cisco Jabber" no longer seems to clear the cache for these so I am never prompted for it. I spent a bit of time wondering if it's the cert before concluding that I hadn't actually opened the unlisted port in the firewall. Whoops.