cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3586
Views
25
Helpful
5
Replies

Jabber for iOS v14.0.2 - Invalid Certificate was declined

xc3ss1v30n3_New
Level 1
Level 1

Hello. I am trying to tunnel Cisco Jabber through our enterprise MDM such that external company devices could utilize Jabber services on mobile phones without the use of a full VPN client. So far, I've been successful in added Jabber to application tunnel in MDM and can verify that traffic is being passed via MDM virtual appliance to our backend CUCM. However, I'm getting an error when attempting to login that states an "invalid certificate was declined." 

 

I exported the logs from my mobile phone, but I can't make much out of the error. 

 

Help?

 

2021-06-25 11:42:23,343 INFO [0x0000000106c078c0] [/module/login/YLCLifeCycleManager.m(561)] [trace login time] [-[YLCLifeCycleManager onCredentialsRequired:errors:]] - onCredentialsRequired, login error code: 210, connectionFailure: 0
2021-06-25 11:42:23,343 INFO [0x0000000106c078c0] [pp/tahiti/ui/login/YLCSigninUIMgr.m(303)] [trace login time] [-[YLCSigninUIMgr onCredentialRequiredLoginView:]] - CredentialRequired authenticatorId: 1200
2021-06-25 11:42:23,343 INFO [0x0000000106c078c0] [pp/tahiti/ui/login/YLCSigninUIMgr.m(481)] [trace login time] [-[YLCSigninUIMgr onLoginViewError:authenticatorId:]] - authenticatorId: 1200, error code is 210
2021-06-25 11:42:23,343 DEBUG [0x0000000106c078c0] [p/tahiti/module/util/YLCFipsUtils.m(126)] [UI.Util] [+[YLCFipsUtils isFipsModeEnabled]] - Is fips mode enabled: 0
2021-06-25 11:42:23,343 INFO [0x0000000106c078c0] [pp/tahiti/ui/login/YLCLoginBaseVC.m(509)] [UI.Action.System] [-[YLCLoginBaseVC getPresenceErrorMessgaWithCode:]] - Jabber login failed and show errorcode:210 string: An invalid certificate was declined. Please contact your administrator.
2021-06-25 11:42:23,343 DEBUG [0x0000000106c078c0] [pp/tahiti/ui/login/YLCLoginBaseVC.m(333)] [UI.Lifecycle.Login] [-[YLCLoginBaseVC showDiagnosticErrorLink:]] - errorEvent.code: 210, show Diagnotic:0
2021-06-25 11:42:23,343 DEBUG [0x0000000106c078c0] [pp/tahiti/ui/login/YLCLoginBaseVC.m(793)] [UI.Action.System] [-[YLCLoginBaseVC showSigninError:withAdditionActions:]] - Jabber show Error message: An invalid certificate was declined. Please contact your administrator.

1 Accepted Solution

Accepted Solutions

Alok Jaiswal
Cisco Employee
Cisco Employee

This has been the problem with the mobile devices. You don't get the prompt like windows.

If your organization uses a solution like MDM (Mobile device management) then you can use them to manage the certificates.

 

-Alok

View solution in original post

5 Replies 5

Jaime Valencia
Cisco Employee
Cisco Employee

The Jabber documentation explains which certificates need to be in the device's trust store for Jabber to work properly, if they're not deployed in advance the user will be prompted to accept or discard/deny? (can't recall the exact wording) the certificate and they need to accept it for Jabber to work.

Are the necessary certificates already in the trust store?

HTH

java

if this helps, please rate

Hi Jaime, thanks for the response.

 

We're currently using self-signed certificates on CUCM servers. And, you're correct, for our Windows clients, users have to accept the certificate (with a warning that it can't be verified) before the login action completes.

 

The difference here is that the mobile client never offers to let a user accept the certificate. It's automatically rejected. Do we know if that's a default behavior or is there a way to change the configuration such that a mobile user is allowed to accept?

If I recall correctly, not that long ago Apple made some changes in the way certificates are handled in their devices, can't recall the exact changes but I believe they affected how certificates were accepted/validated, google about the subject and you'll probably find information related to that.

HTH

java

if this helps, please rate

Alok Jaiswal
Cisco Employee
Cisco Employee

This has been the problem with the mobile devices. You don't get the prompt like windows.

If your organization uses a solution like MDM (Mobile device management) then you can use them to manage the certificates.

 

-Alok

Thanks, Alok. We do use an MDM solution and it was necessary to configure the MDM backend to allow the prompting of users for invalid certificates.