Jabber secure connect certificate authentication

wscotty2012 · ‎09-15-2012

Hi Support,

I'm looking to deploy secure connect using certificate based authentication using my Microsoft 2003 root CA. I'm aware that secure connect only supports a 2008 CA. Can I just deploy a 2008 subordinate issuing CA or will I need to upgrade my whole PKI enviroment to 2008?

Douglas Crane · ‎09-16-2012

Secure connect is only available for Android..

IPhones must use the Mobile AnyConnect..

Which one are you trying to set up?

As for your question the admin guide does not call out for a particular domain functional level. Only for the CA to be set up with a root cert and sub certs..

http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Android/8_6/JABA_BK_A940B90D_00_jabber-for-android-admin-guide_chapter_011.html

Sent from Cisco Technical Support iPad App

wscotty2012 · ‎09-16-2012

Hi Douglas,

I actually need to setup both iPhone and Android to use certificate based authentication, I understand that if I want to use SCEP that I need a Windows 2008 CA but what I need to understand is if both the root and subordinate issuing CAs all need to be 2008 or just the subordinate?

We have a 2003 root CA at the moment and we want to avoid upgrading to 2008 at the moment if possible. It would be easier if we can just add a 2008 subordinate to the enviroment which I understand is possible after reading a few Microsoft articles.

Douglas Crane · ‎09-16-2012

Yes you can add the 2008 server add a sub. However until all global Cats and DCs are 2008 you will be stuck with a domain functional level equal to the greatest version.

The iPhone must use the AnyConnect through the ASA. If you are just trying to do on LAN calling no problem. If you are trying to do WAN calling... Problem...

I have the same issue.. We are an all IOS corp.

Additionally this setup only has instructions for the Android. It may work with the IPhone but I have not tested it..

Sent from Cisco Technical Support iPad App