cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
75529
Views
30
Helpful
20
Replies

Webex meeting cannot start or Join with security certificate issue

APZ SA
Level 1
Level 1

We see the pop windows everytime when create a meeting or join a meeting

 

The detailed information is : 

 

Cannot Start or join meeting

You cannot start or join this meeting because we cannot validate the security certificate for you webex site. This error may occur because we cannot access the digital signature site. you firewall has blocked external access to revocation server, or there is a problem connecting to the network.

 

SSL certificate content

 

There is 2 option. 

 

Connect Anyway and Don't Connect.

 

If we click on Connect anyway button , still can get in the meeting.

 

Not sure what happens.

20 Replies 20

dpetrovi
Cisco Employee
Cisco Employee

Hi,

You are most likely using self-signed SSL certs on your CWMS system, and your PC doesn't trust those self-signed SSL certs and won't connect you.

To fully resolve this, you should obtain publicly signed SSL cert and install them to your CWMS: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Administration_Guide/Administration_Guide/Administration_Guide_chapter_01111.html#concept_71CACA22EBB84FE58867C71B177AD752

 

If for just testing with using these self-signed SSL certs, when you try to start/join the meeting and you get SSL cert pop-up, don't just click OK to this message. Instead first Install the cert that is offered to your PC and once that is added to your Trust store, then click OK.

Once your PC trusts this self-signed certs, it will let you join the meeting.

 

Also, for more information about SSL certs, after reading the official document referenced above, you can check these two documents:

https://supportforums.cisco.com/document/12369176/cwms-ssl-certificates-and-localinternal-domain-names

https://supportforums.cisco.com/document/12367906/cwms-ssl-certificates-intermediate-ssl-cert-chains-and-different-cwms-versions

 

I hope this will be of help.

-Dejan

I have the same problem with the exact same error message and SSL certificate content as the original poster.

Subject: us California San Jose "Cisco System, Inc." CSG *.webex.com

Issuer: US Symantec Corporation Symantec Trust Network Symantex Class 3 Secure Server CA - G4

Effective Date: 2015/4/10 00:00:00

Expiration Datae: 2018/4/10 23:59:59

 

The reply by Dejan referred to "self-signed certs", but this is the certificate that is being presented by webex.com and not from something internal to my company.  Using the "Connect Anyway" option also fails.

Playing around a bit I found that disabling my custom proxy script that blocks certain sites and allowing all connections enabled the WebEx session to start.   I decided to edit the proxy script to determine which one of the sites was creating the problem, but strangely it seems to work every time now so it seems that it must have been one time tracker/cookie initialization issue.

Hi,

 

I am sorry if the wording confused you. These SSL certs are self-signed by CWMS itself during the deployment. If they were signed internally by the company CA, I would have worded it like "signed internally". 

 

I hope this clarifies it a little bit.

 

-Dejan

I have the same issue with webex, and there is no solution. It is so frustrating. I don't use any self-signed SSL certs. My web browser works fine with any https sites.

I noticed that Teamviewer is another product. It works perfect in a proxy environment.

I hope somebody can fix webex!!!

 

Allen

Hi Allen,

Can you please share the following information with me:

What version of CWMS do you have?

What is the size of your deployment?

What is your WebEx Site URL?

Are you using any proxies in between the end users and CWMS WebEx site?

Thank you.

-Dejan

Hi Dejan,

We don't host any webex meetings. But if somebody invites us to a Webex meeting, We cannot connect.
In our company, we use squid-cache proxy to access internet. Users don't have direct access to external websites. For sure we don't have any connection issues to any https sites.

Today I had the issue again. The URL is https://nutanix.webex.com/join/mgauch, and the pop-up message say something like:

You cannot start or join this meeting because we cannot validate the security certificate for your webex site. This error may occur because we cannot access the digital signature site. you firewall has blocked external access to revocation server, or there is a problem connecting to the network.

This message doesn't make sense to me. I tried Firefox, IE and Chrome with no luck. But I can connect to Teamviewer without any issues.

How can I troubleshoot webex problem? Because the problem is weird. We have nothing to do with SSL stuff.


Thanks,
Allen

Hi Allen,

 

Based on the error message, it appears that your firewall doesn't allow connection to the Symantec Certification Authority (used to sign WebEx wildcard SSL cert - per the WebEx Site it is URL=http://ss.symcb.com/ss.crl) in order to validate the SSL cert. You will either need to work with the firewall/proxy teams to address this, or if you get a pop-up that the SSL cert cannot be validated, try installing the SSL cert first to your Trust store, and then clicking OK to continue. 

Unfortunately, without packet captures or HTTP analyzer/Fiddler traces, I can't say with certainty what exactly is happening in your environment.

 

I hope this will help.

-Dejan

I put the URL http://ss.symcb.com/ss.crl in my browser, and it ask me to save the file.

I click 'save', and the file is saved on my computer.

So I guess WebEx doesn't work properly with URL http://ss.symcb.com/ss.crl.

Otherwise, what is the problem? Your suggestion doesn't help.

 

Allen

Hi Allen,

 

I would suggest collecting Fiddler traces for the failure and reviewing communication from your client machine and WebEx Site to understand what in your environtment is preventing this cert validation from happening. If there was an issue with WebEx, this would've been a major issuse for every WebEx user because the same SSL cert is used for every WebEx site (*.webex.com).

 

I can see someone on this thread confirmed that their Proxy had an issue and it was resolved on the proxy end. Hopefully they can share more details about the solution.

I hope this will help.

-Dejan

 

It's so frustrating to troubleshoot the issue. The fact is:

1. my proxy is working for 200+ users in the company without any issues to access any websites

2. why I cannot connect to WebEx? My proxy is up and running for more than three years and nobody complains except this one. I just have one proxy server.

3. it's a certificate issue, so the problem is not on client side. We do not have any certificate issue with any websites, except this one.

4. but I can say teamviewer works. It is another solution.

 

Allen

hi dejan

i have the same issue, but i m not using self sign, my costumer sign it .(valid untill year 2025)

lately, i upgrade to 2.5.1.5051.B-AE becuase of security bug .

few days later ,the certificate error screen start to jump.

 

do i need to generate new sign cer ?

 

tk

shoham

 

Hi Shoham,

The issue is most likely not with your SSL certs installed on CWMS, but SSL certs used for WebEx DLL files validation. Please, take a look at this post https://supportforums.cisco.com/discussion/12544906/webex-error-23-after-upgrade-25-mr5 and see if that fits your issue and try to implement the solution suggested. Keep in mind that the solution there is a workaround. The best option would be to ensure your client PCs are able to reach Certificate Revocation sites outside of your network and can properly pull the information needed.

I hope this will be of help.

-Dejan

Hi Dejan,

Some of the users in our organization are receiving a certification error while trying to join a WebEx meetings. We have a valid SSL certificate signed by Symantec. Please find the error message below.

"You can not connect to audio or Video because the security certificate for your WebEx site is not trusted. This error may occur because your certificate has been revoked or because the name on the certificate is incorrect" . There is only a "Don't connect" option and no options available to "connect anyway".

WebEx works fine for majority of users and only couple of users has raised this error. Can you please let me know your thought on this.

Regards,

Shibin