cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6617
Views
0
Helpful
0
Comments
Greeshma Bernad
Cisco Employee
Cisco Employee

Problem

The following error appears in CUPS troubleshooter when trying to add Microsoft Exchange the presence gateway. :

The Microsoft Exchange Certificate file is either not  currently loaded or there is a subject CN (Common Name) mismatch.

This  Certificate is required so that CUP and Exchange can communicate in a  secure manner.Please load a valid Certificate

for  Microsoft Exchange and verify that the Trust Certificate Subject CN  (configured on the Presence Gateway page) matches

the  Trust Certificate Subject CN of the loaded Certificate file.  Certificates can be loaded on the Cisco Unified OS Platform

Application Security->Certificate Management page.

Solution

Try these steps to resolve the issue:

  • The error that you are seeing is related to the exchange certificate upload that is required for calendar integration. Make sure that you have uploaded the certificate correctly (no missing  root/intermediate certificate) and there is no CN name mismatch. Refer Uploading the Root Certificate to the Cisco Unified Presence Server for information to upload exchange certificates  to CUP for calendar integration. Note: Make sure to restart the SIP Proxy after certificate upload.
  • Open the Presence gateway configuration page from Cisco Unified Presence  > Presence Engine > Presence GatewaysIf there is a space in the Common Name, change it to  '_'(underscore) in the "Trust certificate subject CN" on presence  gateway page.
  • Make sure that you are using the hostname in the Presence Gateway field and it matches the subject CN in the certificate.
  • Restart Presence Engine and Restart CUPC.

CUPS 8.6 + Exchange Calendar Integration

ProblemYou are not able to get past the certificate verification when using a SAN/Wildcard certificate for your exchange integration. 

Resolution
Cisco as of now do not currently support wild card / SAN certificates with
CUPS so as of right now this will not work.
As of right now your ONLY option is to replace your current certificate on your exchange CAS server to present a certificate that is "Issue To" the FQDN of the node.  This is the only way it will work with CUPS.  You can however add as many entries you want in the Subject Alternate Name including the wildcard if that's supported by Microsoft.  This will ensure all applications that can use the SAN entry will see the wild card.  But unfortunately CUPS can only look at the "Issued To" line to verify the host matches the certificate.

Also refer:

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: