Jabber for Android prompting to verify certificates issued by internal CA
We are testing Jabber version 12.6 in phone-only mode on some devices running Android 8 (Oreo). The devices are on our internal network. Our CUCM and CUC servers have certificates issued by our internal CA. They are multi-server certs with a SAN for each node in the cluster. (We have an XMPP multi-server cert as well, but that's inconsequential for phone-only mode). When Jabber for Android connects to the CUCM or CUC server it prompts to Verify Certificate saying "Cisco Jabber cannot confirm the identity of this server. Do you want to Continue?" It includes information about the server name it doesn't recognize which we can confirm is one of the SANs in the multi-server cert and it references the name of the multi-server cert, that it was issued by our internal intermediate CA and that it still has a valid date. We have loaded our internal root CA and intermediate CA certificates into the Android key store via our MDM and also via a sideload (as recommended in the Jabber deployment guide - https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/12_6/cjab_b_on-prem-deployment-cisco-jabber_12-6/cjab_b_on-prem-deployment-cisco-jabber_12-6_chapter_01110.html ). We get the cert warning with the MDM pushed or sideloaded CA certs.
I have found several sources that indicate that beginning with Android 7 (Nougat) the Android OS no longer trusts CA certs that the end user loads even though it displays them in the User section of Trusted Credentials (Settings -> Security & location -> Encryption & credentials -> Trusted Credentials). Those same sources indicate you can root the device and install your internal CA cert into the System section of the Trusted Credentials and then it will work, but we don't want to have root hundreds of devices to achieve this. We found an older device running Android 6, loaded our internal CA certs into the User Trusted Credentials and did *not* get the the certificate warning, so this does seem related to the newer version of Android. Has anyone else encountered this issue on Jabber for Android and found a clever workaround?
Jabber always displays notifications for invalid certificates on Android 7.0 and later, even for installed custom CA-signed certificates on the Android OS. Apps that target Android 7.0 only trust system-provided certificates and no longer trust user-added Certificate Authorities.
I find this extremely frustrating since issuing the UCM certs from a public CA should not be necessary and training our users to click through a certificate warning is terrible security practice. Thanks a lot, Google.
Good morning in this Cisco documentFeature Configuration Guide for Cisco Unified Communications Manager, Release 11.5 it saysWhisper CoachingUnified Communications Manager also supports whisper coaching, a CTI enhancement on silent monitoring wh...
Hi All,I have an issue since the upgrade where it looks like I am not getting Phone Services, IM&P is working.I have done some firewall monitoring and can see requests to port 6972 for TFTP, I have tried to connect to this port to see my jabber-config...
In future definitely the need arise that the old extensions requires to be deleted. If the extension deletion range is straight like example 1000, 1001, 1002, etc. then it’s very easy to delete. What if extension deletion it’s not in straight order like 1...
We are forwarding calls from Call Manager to another system. There is a lag. I was told to set the cisco side to unconditional forward so it bypasses the settings and forwards right away. I can't seem to find that setting or maybe its called somethi...
Hello!If you could help me and show me where I could find all the characteristics and differences among Meetings/Teams and Events of Webex have.I mean could I find this somewhere in a PDF document or anywhere on the website??Thank you in advance!