03-09-2023 01:07 AM
Hello
I am adding new Jabber users to an existing 12.5 Cluster (CUCM, IM&P & CUC). Jabber is version 14.
When the user first logs in they get presented with the cert from the CUCM publisher. The cert has the CUCM publisher FQDN as the subject and FQDNs for the CUCM subs, IM&P pub / sub in the SAN. I will be getting the customer to deploy the certificates at the same time as Jabber in order to overcome this issue of the user having to accept it on first sign in.
What I am struggling with is why are the users not being presented with a certificate from Unity (whether or not they have a VM profile configured / a voicemail box). I would have expected a certificate to be presented as the CUC servers are not listed as SANs in the CUCM cert.
Before the user logs in there are no UC certs in their user enterprise trust store.
I am reading the guide relating to certification validation, which suggests a Unity certificate should be presented.
Jabber Complete How-To Guide for Certificate Validation - Cisco
Can someone please assist me in understanding why there is no Unity cert presented?
I have also spotted that a Unity SRV record is not required as per the Jabber deployment guide. In this case, am I correct in thinking that Jabber does not connect directly with CUC but pulls the CUC config from CUCM?
Cisco Jabber DNS Configuration Guide - Service (SRV) Records [Support] - Cisco
Thanks
03-09-2023 01:14 AM
Is the UC-profile for Unity assigned to the service profile, which is assigned to that enduser?
If no, then Jabber doesn't know anything about CUC and therefore doesn't connect to it --> no certificate is popping up.
Whether you set the VM profile on the line or not has nothing to do with that.
03-09-2023 01:45 AM
The UC service profile assigned to the user is System Default ("Jabber")
Under the Jabber service profile there is a primary and a secondary voicemail service profile set. The credential source for the voicemail service is "CUCM - IM&P"
Looking at the two Voicemail UC services listed, they are both UC service type of "Voicemail" and product type of "UC_Product_Jabber". Each references an FQDN of a CUC server on port 443 https.
Does this help?
03-09-2023 02:03 AM
This looks good.
Just thinking out loud, what could be the cause:
- PC is not able to reach the CUCs
- CUCs have a CA-signed tomcat-cert, and the CA is already in the PC's trust store.
- The settings in CUC to allow Jabber to access the voicemail APIs are missing.
-- "System settings --> Advanced --> API Settings --> Allow Access to Secure Message Recordings through CUMI"
-- In the corresponding class of service "Allow Users to Use the Web Inbox and RSS Feeds" and "Allow Users to Use Unified Client to Access Voice Mail"
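The first two causes listed above (server not reachable, or a tomcat certificate that already chains to a trusted CA) can be told apart from the affected PC with one verified TLS handshake per CUC FQDN. This is an added example, not part of the thread or Cisco tooling; it assumes Python's default OS root store approximates what the Jabber client trusts, and `cuc-pub.example.com` is a placeholder hostname.

```python
"""Added example: triage the first two causes listed in the thread for one HTTPS host."""
import socket
import ssl
import sys

# What each verdict implies for a first sign-in, following the thread's reasoning.
EXPECTATION = {
    "unreachable": "client cannot reach the server, so no certificate is ever shown",
    "trusted": "chain validates against the local store, so no prompt is expected",
    "untrusted": "validation fails, so a certificate prompt is expected",
}


def classify_tls(host, port=443, timeout=5.0, context=None):
    """Attempt one verified TLS handshake and return (verdict, detail)."""
    # Assumption: the OS root store loaded here approximates what the client trusts.
    ctx = context or ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "trusted", "issuer CN: " + issuer.get("commonName", "?")
    except ssl.SSLCertVerificationError as exc:
        # Covers unknown CA, self-signed, expired, and name-not-in-SAN failures.
        return "untrusted", exc.verify_message
    except OSError as exc:
        # DNS failure, refused/filtered port, timeout, or a non-TLS listener.
        return "unreachable", f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # Pass the FQDNs from the voicemail UC services; the default is a placeholder.
    for fqdn in sys.argv[1:] or ["cuc-pub.example.com"]:
        verdict, detail = classify_tls(fqdn)
        print(f"{fqdn}: {verdict} ({detail})")
        print(f"  -> {EXPECTATION[verdict]}")
```

A "trusted" or "unreachable" verdict for both CUC FQDNs matches the first two causes; the third cause (CUC API and class-of-service settings) is not something this check can see.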