Re: Jabber Invalid Certificate (Information Message??)

JasB · ‎09-14-2017

Hello All,

I am getting a strange Jabber "infomation" message (see attached screenshot).

"An invalid certificate {S1} when connecting to {S2} has been rejected. Certificate fingerprint: {$3}" CJ:1000:101

I am using the latest client 11.9(0). All the CUCM certs are signed with our internal CA. The web interface certs show valid in Chrome/IE. I am able to replicate the error resaonably consistantly, when I start Jabber. I have attached the jabber client log file.

Anyone else come accross this error before?

Thanks, Jas

Alok Jaiswal · ‎09-14-2017

which certificate its complaining about ? Because Jabber do certificate verification for all the connections.

Also make sure the certificate you know is fine, does it have all the information like CRL etc.

Regards,

Alok

JasB · ‎09-14-2017

Hello Alok,

I have no idea what certificate it is complaining about because the error message has variable names $1, S2, $3. Where it should have IP_Address, Cert_Name, Cert_Fingerprint.

I have attached the jabber diagnostics screen (certificate section) and the only one that is not valid is for metrics-a.wbx2.com

Any ideas?

Jas

Tapan Dutt · ‎09-15-2017

Hi

The alert is for Telemetry server to which Jabber connects. You have 2 options to solve this

- Add the missing Go daddy certificate in as mentioned in the Deployment and installation guide of Jabber 10.6 and above, see below or

- Disable Telemetry in Jabber using a parameter in jabber-config.xml file see below

Action Item For 1st Option

Updated and republished 10.5 Deployment and Installation Guide, change also rolled forward to 10.6 guide. Update: "The telemetry server certificate name is "metrics-a.wbx2.com". To resolve any warnings about this certificate name, install the required GoDaddy certificate."

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/10_5/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber_chapter_01.html#CJAB_RF_T7105EF9_00

Snippet from the above link

Telemetry

Cisco Jabber Analytics

Applies to: All clients

To improve your experience and product performance, Cisco Jabber may collect and send non-personally identifiable usage and performance data to Cisco. The aggregated data is used by Cisco to understand trends in how Jabber clients are being used and how they are performing.

You must install the following root certificate to use the telemetry feature: GoDaddy Class 2 Certification Authority Root Certificate. The telemetry server certificate name is "metrics-a.wbx2.com". To resolve any warnings about this certificate name, install the required GoDaddy certificate. For more information about certificates, see the Planning Guide.

Action Items for 2nd Option

By default, the telemetry data is on. You can configure the following telemetry parameters:

Telemetry_Enabled—Specifies whether analytics data is gathered. The default value is true.
TelemetryEnabledOverCellularData—Specifies whether analytics data is sent over cellular data and Wi-Fi (true), or Wi-Fi only (false). The default value is true.
TelemetryCustomerID—This optional parameter specifies the source of analytic information. This ID can be a string that explicitly identifies an individual customer, or a string that identifies a common source without identifying the customer. We recommend using a tool that generates a Global Unique Identifier (GUID) to create a 36 character unique identifier, or to use a reverse domain name.

For more information about these parameters, see the Parameters Reference Guide.

Regards

Tapan