Re: How to change IM&P services certificate types (EC/RSA)?

ilyageller · ‎06-12-2022

Hello,

I have a UC setup with IM&P and I am trying to use a third party xmpp client (for chat) with the IM&P server.

The XMPP BOSH service of the IM&P is currently setup to use a self-signed certificate (default configuration I guess) and it has generated a certificate of type EC (Elliptic Curve).

In the certificate management page of the IM&P I see multiple services, some using RSA certificates, while others have a EC certificates.

In my case, I would like to use a CA signed certificate for the xmpp service ("cup-xmpp-ECDSA") , but the CA of my organization does not support EC certificates, and can only sign RSA type certificates.

It seems that each service has a predetermined key type and is not letting me select which one when generating a new CSR.

Is it possible to somehow change the cert type for this service from EC to RSA? or any service for that matter?

Thanks!

Jaime Valencia · ‎06-12-2022

No, you cannot do what you're asking.

HTH

java

if this helps, please rate

b.winter · ‎06-12-2022

Hi,

why do you wanna change it?

For most of the certificates, there are a double of certificates, one as RSA and one as EC, e.g. CUP-XMPP:

ilyageller · ‎06-13-2022

Ok so I also have an RSA certificate for cup-xmpp, however when I try to connect to the BOSH service using a CAXL client (in a web app), it always uses the EC certificate. Do you know if there is an option to force the client to use RSA?

b.winter · ‎06-13-2022

As this is not a problem on the Cisco side, you have to check the documentation for the client.

Because the client is the one, who establishes the TLS connection and in there, it wants to use EC.