Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4817
Views
0
Helpful
6
Replies

Cisco Jabber for Windows Certificate Issues

Go to solution
Vaijanath Sonvane
VIP Alumni
VIP Alumni

‎08-25-2014 11:50 AM - edited ‎03-15-2019 05:29 AM

Hi,

 

I have configured a Cisco Jabber with device security mode "Encrypted". Once I use this mode I am getting a error message in Cisco Jabber as:

"The certificate enrollment for secure computer calling has not been activated. Contact your system administrator."

The softphone feature is not working because of this.

 

Do you have any fix for this issue?

 

Thanks,

VJ

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎08-25-2014 03:56 PM

Is your CUCM cluster setup for mixed mode? If yes, what enrollment method did you chose as soft phones only support Authentication String. Only physical phones will have a MIC to do CAPF enrollment by.

View solution in original post

0 Helpful

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame
In response to Vaijanath Sonvane

‎09-16-2014 05:10 AM

This is expected behavior. The authentication string is a one-time shared secret to build a TLS tunnel during CAPF enrollment. The first client who entered the authentication code is given an X.509 certificate to use for subsequent CCM registration. If the device security profile is set to Authenticated or Encrypted, that X.509 certificate is required for the CSF device to register/work.

Unless you're using Windows roaming profiles or some other mechanism to make the user certificates portable between devices (e.g. smart cards??), you're stuck. IMO, tell the user they only get a laptop and can attach an external monitor when they're at the office.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎08-25-2014 03:56 PM

Is your CUCM cluster setup for mixed mode? If yes, what enrollment method did you chose as soft phones only support Authentication String. Only physical phones will have a MIC to do CAPF enrollment by.

0 Helpful

Go to solution
Vaijanath Sonvane
VIP Alumni
VIP Alumni
In response to Jonathan Schulenberg

‎08-26-2014 05:27 AM

Hi Jonathan,

Thank you for your response. The CUCM cluster is setup in Mixed Mode. If you talking about Authentication Mode in Phone Security Profile for Cisco Jabber then it is set for "By Null String".

 

Thanks,

Vaijanath S.

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

0 Helpful

Go to solution
Vaijanath Sonvane
VIP Alumni
VIP Alumni
In response to Jonathan Schulenberg

‎08-26-2014 06:52 AM

Hi Jonathan,

 

Thank you for your help. The issues is now resolved after using the authentication string.

 

Thank you,

Vaijanath

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

0 Helpful

Go to solution
Vaijanath Sonvane
VIP Alumni
VIP Alumni
In response to Jonathan Schulenberg

‎08-26-2014 08:07 AM

Hi Jonathan,

 

As I have mentioned in earlier response that the jabber is now working by setting Authentication String. But the problem now I am facing is there is no simultaneous ring on desk phone and jabber. i.e. Jabber and desk phone are configured with same extension. when someone dials this extension it rings on desk phone only.

 

Thanks,

Vaijanath

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

0 Helpful

Go to solution
Vaijanath Sonvane
VIP Alumni
VIP Alumni
In response to Jonathan Schulenberg

‎09-12-2014 11:00 AM

Hi Jonathan,

 

I have one more issue with Cisco Jabber using authentication string. The authentication string works fine with the Jabber and softphone functionality is working.

Now the problem is: if the single user has two Jabber clients, one installed on laptop and second on desktop, the authentication string window is presented to the jabber client which logs in first. For example is I login from my laptop the window pops up to enter the authentication string. But now when I open the Jabber on my desktop it doesn't give me option to enter the authentication string and the softphone doesn't work.

 

Thanks,

Vaijanath

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

0 Helpful

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame
In response to Vaijanath Sonvane

‎09-16-2014 05:10 AM

This is expected behavior. The authentication string is a one-time shared secret to build a TLS tunnel during CAPF enrollment. The first client who entered the authentication code is given an X.509 certificate to use for subsequent CCM registration. If the device security profile is set to Authenticated or Encrypted, that X.509 certificate is required for the CSF device to register/work.

Unless you're using Windows roaming profiles or some other mechanism to make the user certificates portable between devices (e.g. smart cards??), you're stuck. IMO, tell the user they only get a laptop and can attach an external monitor when they're at the office.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents