This document describes SSL Connection/Certificate Verification status displays in Cisco Unified Presence Administration when you configure the Exchange Presence Gateway.
Checklist for Managing Self-Signed and Third-Party Certificate Exchanges
Install the Certificate CA Service
Generate a CSR on IIS of Exchange server
Submit the CSR to the CA Server/Certificate Authority
Download the signed certificate
Upload the signed certificate onto Exchange IIS
Download the root certificate
Upload the root certificate to the Cisco Unified Presence server
Status :- SSL Connection/Certificate Verification - Verified
Cisco Unified Presence verified the SSL connection with the Exchange server. Select View for the certificate details.
Status :- SSL Connection/Certificate Verification Failed - Certificate Missing From Chain
One or more certificates that Cisco Unified Presence requires to establish a secure connection to the Exchange server are missing. The Certificate Viewer can provide details of the missing certificates.
Complete these steps in the Certificate Viewer to display any missing certificates:
1. Select Configure to open the Certificate Viewer.
2. Check Accept Certificate Chain.
3. Select Save.
4. The certificate chain details display. Note any certificates with a status of Missing.
5. Close the Certificate Viewer.
6. To complete the certificate chain, you must:
a. Download the missing certificate files from the Exchange server.
b. Copy or FTP the missing certificate files to the computer that you use to administer Cisco Unified Presence.
c. Use the Cisco Unified OS Administration to upload any of the required missing certificates.
If the certificates are not available in the Certificate Viewer, you may need to manually download and install the missing certificates from the Exchange server, and upload these certificates in Cisco Unified OS Administration as follows:
If required, go to Cisco Unified OS Administration and upload certificates to complete the certificate chain.
Return to the Presence Gateway Configuration window in Cisco Unified Presence Administration, reopen the Certificate Viewer, and verify in the Certificate Viewer that all certificates in the certificate chain now have a status of Verified.
You must restart the Cisco UP Presence Engine after you upload Exchange trust certificates. Select Cisco Unified Serviceability > Tools > Service Activation. Note that this can affect Calendaring connectivity.
Select either Configure or View to launch the Certificate Chain Viewer where you can view the details of the certificate chain. The Configure button will display if there are any issues with the certificate chain that Cisco Unified Presence downloads from the Exchange server - for example, the missing certificates scenario described above. Once you successfully import and verify the certificate chain, the SSL Connection / Certificate Verification status will update to Verified and the View button will replace Configure.
These instructions describe the view of the customized Certificate Import Tool. If you are simply verifying connection status, the tool indicates the verified status but you do not have the option to Save.
Status :- SSL Connection/Certificate Verification Failed - Subject CN Mismatch
The Presence Gateway field value must match the Subject CN value of the leaf certificate in the Certificate Chain. You can resolve this issue manually using the Certificate Viewer, or by entering the correct value in the Presence Gateway field.
Verify that your entry in the Presence Gateway field is correct as follows:
1. Reenter the correct Subject CN value in the Presence Gateway field. Cisco Unified Presence uses the Presence Gateway field value to ping the server. The host (FQDN or IP address) that you enter must exactly match the IIS certificate Subject Common Name.
2. Select Save.
Alternatively, complete these steps if you want to use the Certificate Viewer to resolve the Subject CN mismatch:
1. Select Configure to open the Certificate Viewer.
2. Select Accept Certificate Chain.
3. Select Save.
4. Select Close to close the Certificate Viewer. After you close the Certificate Viewer, an alert displays to indicate a change to the Presence Gateway field value (assuming you updated it) and the Presence Gateway page is refreshed.
5. Verify the value of the Presence Gateway field is updated.
6. Verify that the value of the SSL Connection / Certificate Verification reads Verified.
Select either Configure or View to launch the Certificate Chain Viewer where you can view the details of the certificate chain. The Configure button will display if there are any issues with the certificate chain downloaded from the Exchange server - for example, the missing certificates scenario described above. Once you successfully import and verify the certificate chain, the SSL Connection / Certificate Verification status will update to Verified and the View button will replace Configure.
Status :- SSL Connection/Certificate Verification Failed - Bad Certificates
Information in the certificate is incorrect, which renders it invalid.
Typically, this occurs if the certificate matches the required Subject CN but not the public key. This could happen if the Exchange server regenerates the certificate but the Cisco Unified Presence server still maintains the old certificate.
To resolve this, complete these actions:
• Select the logs to determine the cause of the error.
• If the error is due to a bad signature, you need to remove the outdated certificate from Cisco Unified Presence in Cisco Unified OS Administration, and then upload a new certificate in Cisco Unified OS Administration.
• If the error is due to an unsupported algorithm, you need to upload a new certificate that contains the supported algorithm in Cisco Unified OS Administration.
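The three failure states above (Certificate Missing From Chain, Subject CN Mismatch, Bad Certificates) can be reproduced and told apart offline with the openssl CLI. This is an added example, not Cisco code: the host name exch01.example.test, the file names and the order of checks in triage are assumptions, and the throwaway PKI follows the checklist's CSR, CA, signed-certificate flow.

```shell
# Added example; host names, file names and the order of checks are assumptions.
cert_cn() {   # Subject CN of a PEM certificate
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}
key_fp() {    # SHA-256 of the certificate's public key (identifies the key pair)
  openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | sed 's/^.*= *//'
}

# triage GATEWAY SERVED_LEAF TRUST_BUNDLE [STORED_LEAF]
triage() {
  if [ -n "${4:-}" ] && [ "$(cert_cn "$4")" = "$(cert_cn "$2")" ] &&
     [ "$(key_fp "$4")" != "$(key_fp "$2")" ]; then
    echo "Bad Certificates"               # same CN, different key: stale copy
  elif ! openssl verify -no-CApath -CAfile "$3" "$2" >/dev/null 2>&1; then
    echo "Certificate Missing From Chain" # issuer not in the uploaded bundle
  elif [ "$(cert_cn "$2")" != "$1" ]; then
    echo "Subject CN Mismatch"            # exact string match required
  else
    echo "Verified"
  fi
}

# Throwaway PKI built like the checklist: CSR -> CA signs -> signed certificate.
make_demo_pki() {   # make_demo_pki DIR LEAF_CN
  d=$1
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/o.cnf"
  for n in root other; do   # "other" is an unrelated CA
    openssl req -x509 -config "$d/o.cnf" -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Demo $n CA" -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null
  done
  for n in leaf regen; do   # "regen": same CN, freshly generated key pair
    openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes \
      -subj "/CN=$2" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    openssl x509 -req -in "$d/$n.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
      -CAcreateserial -days 1 -out "$d/$n.pem" 2>/dev/null
  done
}

demo() {
  t=$(mktemp -d) && make_demo_pki "$t" exch01.example.test
  triage exch01.example.test "$t/leaf.pem" "$t/root.pem"
  triage exch01.example.test "$t/leaf.pem" "$t/other.pem"
  triage 192.0.2.10 "$t/leaf.pem" "$t/root.pem"
  triage exch01.example.test "$t/regen.pem" "$t/root.pem" "$t/leaf.pem"
  rm -rf "$t"
}
demo
```

To run the same checks against a live Exchange server, save the output of `openssl s_client -connect HOST:443 -showcerts` to a PEM file and pass it as SERVED_LEAF; `openssl x509` reads the first certificate in the file, which is the leaf.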