Problem
The following error appears in CUPS troubleshooter when trying to add Microsoft Exchange the presence gateway. :
The Microsoft Exchange Certificate file is either not currently loaded or there is a subject CN (Common Name) mismatch.
This Certificate is required so that CUP and Exchange can communicate in a secure manner.Please load a valid Certificate
for Microsoft Exchange and verify that the Trust Certificate Subject CN (configured on the Presence Gateway page) matches
the Trust Certificate Subject CN of the loaded Certificate file. Certificates can be loaded on the Cisco Unified OS Platform
Application Security->Certificate Management page.
Solution
Try these steps to resolve the issue:
- The error that you are seeing is related to the exchange certificate upload that is required for calendar integration. Make sure that you have uploaded the certificate correctly (no missing root/intermediate certificate) and there is no CN name mismatch. Refer Uploading the Root Certificate to the Cisco Unified Presence Server for information to upload exchange certificates to CUP for calendar integration. Note: Make sure to restart the SIP Proxy after certificate upload.
- Open the Presence gateway configuration page from Cisco Unified Presence > Presence Engine > Presence Gateways. If there is a space in the Common Name, change it to '_'(underscore) in the "Trust certificate subject CN" on presence gateway page.
- Make sure that you are using the hostname in the Presence Gateway field and it matches the subject CN in the certificate.
- Restart Presence Engine and Restart CUPC.
CUPS 8.6 + Exchange Calendar Integration
ProblemYou are not able to get past the certificate verification when using a SAN/Wildcard certificate for your exchange
integration.
Resolution
Cisco as of now do not currently support wild card / SAN certificates with
CUPS so as of right now this will not work.
As of right now your ONLY option is to replace your current certificate on
your exchange CAS server to present a certificate that is "Issue To" the
FQDN of the node. This is the only way it will work with CUPS. You can
however add as many entries you want in the Subject Alternate Name including
the wildcard if that's supported by Microsoft. This will ensure all
applications that can use the SAN entry will see the wild card. But
unfortunately CUPS can only look at the "Issued To" line to verify the host
matches the certificate.
Also refer: