Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
495
Views
1
Helpful
3
Replies

Cisco Jabber Unity Certificate not being presented to client (12.5)

Philip Badhams
Level 1
Level 1

‎03-09-2023 01:07 AM

Hello
I am adding new Jabber users to an existing 12.5 Cluster (CUCM,IM&P & CUC). Jabber is version 14.

When the user first logs in they get presented with the cert from the CUCM publisher. The cert has the CUCM publisher FQDN as the subject and FQDNs for the CUCM subs, IM&P pub / sub in the SAN. I will be getting the customer to deploy the certificates at the same time as Jabber in order to overcome this issue of the user having to accept it on first sign in.

What I am struggling with is why are the users not being presented with a certificate from Unity (whether or not they have a VM profile configured / a voicemail box). I would have expected a certificate to be presented as the CUC servers are not listed as SANs in the CUCM cert. 

Before the user logs in there are no UC certs in their user enterprise trust store.

I am reading the guide relating for certification validation, which suggests a unity certificate should be presented.

Jabber Complete How-To Guide for Certificate Validation - Cisco

Can someone please assist me in understanding why there is no Unity cert presented?

I have also spotted that a Unity SRV record is not required as per the jabber Deployment guide. In this case, as I correct in thinking that Jabber does not correctly directly with CUC but pull the CUC config from CUCM?
Cisco Jabber DNS Configuration Guide - Service (SRV) Records [Support] - Cisco

Thanks

 

0 Helpful
3 Replies 3

b.winter
VIP
VIP

‎03-09-2023 01:14 AM

Is the UC-profile for Unity assigned to the service profile, which is assigned to that enduser?
If no, then Jabber doesn't know anything about CUC and therefore doesn't connect to it --> no certificate is popping up.

If you set the VM profile on the line or not has nothing to do with that.

0 Helpful

Philip Badhams
Level 1
Level 1
In response to b.winter

‎03-09-2023 01:45 AM

The UC service profile assigned to the user is System Default ("Jabber")

Under the Jabber service profile there is a primary and a secondary voicemail service profile set. The credential source for the voicemail service is "CUCM - IM&P"

Looking at the two Voicemail UC services listed they are both UC service type of "Voicemail" and product type of "UC_Product_Jabber". Each references a FQDN of a CUC server on port 443 https.

Does this help?

0 Helpful

b.winter
VIP
VIP
In response to Philip Badhams

‎03-09-2023 02:03 AM

This looks good.
Just thinking out loud, what could be the cause:
- PC is not able to reach the CUCs
- CUCs have a CA-signed tomcat-cert, and the CA is already in the PC's trust store.
- The settings in CUC is missing, to allow Jabber to access the voicemail APIs.
-- "System settings --> Advanced --> API Settings --> Allow Access to Secure Message Recordings through CUMI"
-- In the corresponding class of service "Allow Users to Use the Web Inbox and RSS Feeds" and "Allow Users to Use Unified Client to Acces Voice Mail"

Customers Also Viewed These Support Documents