Solved: Jabber integration with Webex giving certificate issue while login

Muhammad Irfan · ‎12-08-2014

Dear Team,

I have integrated Cisco Jabber with webex 2.5, I am getting certificate issue while login to webex. Any body is facing the same issue.

dpetrovi · ‎12-08-2014

Hi Muhammad,

That is the cause of the problem. You need to install a valid SSL cert that can be validated by Jabber and the PC.

In addition to official documentation, here you can find some useful tips for CWMS and SSL certs: https://supportforums.cisco.com/document/12367906/cwms-ssl-certificates-intermediate-ssl-cert-chains-and-different-cwms-versions

I hope this will help.

-Dejan

View solution in original post

dpetrovi · ‎12-25-2014

Hi Muhammad,

When you generate SSL Certificate Request (CSR) on CWMS server, you should send that CSR to Certification Authority (CA). They should send you a single SAN SSL cert that should include all the hostnames that exist in your CWMS solution (Admin VM FQDN, Media VM FQDN, Administration Site URL, WebEx Site URL). This single SSL cert is installed on CWMS (in combination with intermediate SSL certs if applicable - explained here https://supportforums.cisco.com/document/12367906/cwms-ssl-certificates-intermediate-ssl-cert-chains-and-different-cwms-versions).

If you obtained the SSL cert that doesn't cover all the FQDNs of your CWMS solution (but IRP VM FQDN), you won't be able to install that SSL cert to CWMS.

I hope this helps.

-Dejan

View solution in original post

dpetrovi · ‎12-08-2014

Hi Muhammad,

You are using self-signed SSL cert on CWMS server, which will result in such an error. You should use Publicly signed SSL certs (Verisign, GoDaddy, etc.)

-Dejan

Muhammad Irfan · ‎12-08-2014

Hi I didn't not install any certificate on webex server, so it is using self signed certificate.

dpetrovi · ‎12-08-2014

Hi Muhammad,

That is the cause of the problem. You need to install a valid SSL cert that can be validated by Jabber and the PC.

In addition to official documentation, here you can find some useful tips for CWMS and SSL certs: https://supportforums.cisco.com/document/12367906/cwms-ssl-certificates-intermediate-ssl-cert-chains-and-different-cwms-versions

I hope this will help.

-Dejan

Muhammad Irfan · ‎12-25-2014

Hello Dejan,

Still I am facing some issue.

while I am uploading the certificate I am getting below error.

" domains in the certificate do not match the WebEx Administration URL dxbwebadmin.abc.net.

My internal domain is metro.abc.corp.

Also CA has sent me only two certificate. They didn't send me primary intermediate or secondary intermediate certificate.

Then have sent me DigiCertCA.crt and dxbwebadmin_abc_net.cert.

Kindly advise.

dpetrovi · ‎12-25-2014

Hi Muhammad,

When you generate SSL Certificate Request (CSR) on CWMS server, you should send that CSR to Certification Authority (CA). They should send you a single SAN SSL cert that should include all the hostnames that exist in your CWMS solution (Admin VM FQDN, Media VM FQDN, Administration Site URL, WebEx Site URL). This single SSL cert is installed on CWMS (in combination with intermediate SSL certs if applicable - explained here https://supportforums.cisco.com/document/12367906/cwms-ssl-certificates-intermediate-ssl-cert-chains-and-different-cwms-versions).

If you obtained the SSL cert that doesn't cover all the FQDNs of your CWMS solution (but IRP VM FQDN), you won't be able to install that SSL cert to CWMS.

I hope this helps.

-Dejan

Muhammad Irfan · ‎12-08-2014

I am thinking may be I have to install the webex certificate to CUCM or presence which I am not sure.

dpetrovi · ‎12-08-2014

That shouldn't be a requirement, Muhammad. But you do need a valid SSL cert on the system.

-Dejan

Muhammad Irfan · ‎12-08-2014

Hi Dejan,

Thanks for response, let me get the cerficate from CA and check it. Actually CA is asking me version type like it is Apache etc which I am not sure.

dpetrovi · ‎12-08-2014

Apache should be fine as it will deliver the certs in PEM format that CWMS supports.

-Dejan