Solved: IM&P cup-xmpp certificate/CSR

rchaseling · ‎09-19-2016

Hi,

I have an UCM/IM&P 11.5.1.10000 cluster and the customer is signing all the required servers/services with their Corporate CA. I am submitting the CSRs to the customer as Multi-SAN certificates.

The customer is unable to sign certificates with a SAN that is not an actual server ie "domain.com" - it has to be server01.domain.com

When creating the CSRs on 11.5 on UCM,IM&P,CUC it autopopulates the top level domain as a SAN though you can remove it on all..... except for the cup-xmpp request.

Anyone know

1. Is the presence domain required to be a SAN for the cup-xmpp service to function?

2. If not is there anyway to remove it?

Thanks

Jaime Valencia · ‎09-19-2016

Yes, that is required to be there

The client identifies XMPP certificates with the XMPP domain, rather than with the FQDN. The XMPP certificates must contain the XMPP domain in an identifier field.

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-presence/116917-technote-certificate-00.html

HTH

java

if this helps, please rate

View solution in original post

Jaime Valencia · ‎09-19-2016

Yes, that is required to be there

The client identifies XMPP certificates with the XMPP domain, rather than with the FQDN. The XMPP certificates must contain the XMPP domain in an identifier field.

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-presence/116917-technote-certificate-00.html

HTH

java

if this helps, please rate

rchaseling · ‎09-20-2016

Thanks Jaime!

It's easy when you find the right doc :-)