04-07-2022 09:37 AM
We are running version 12.5 SU5
Cups xmpp server was replaced with a new one about 2 weeks ago, issued from Digicert. It has the same root and issuing authorities as the previous one.
We use Digicert for all CM certificates and have replaced many over the years so we are familiar with the process.
Everything seemed normal when installing the new one, the new cert replaced the old one in the cups cert store as expected. The old cert is not displayed in the cert store in the GUI or the CLI.
However, somehow the old cert is still being presented to the Jabber clients which is causing an expiration message because the old one expired on April 5.
This is only happening when the clients are on-net and communication directly with the CM environment.
When off-net, clients go through Expressway and do not get the old cert presented to them.
We've restarted the service but not the server yet. Plan to restart the server tonight.
Has anyone ever seen where an old certificate is still being presented even though it doesn't seem to exist in the cert store?
Thanks.
Solved! Go to Solution.
04-11-2022 02:25 PM
04-07-2022 09:45 AM
If you go to certificate management do you see the CSR listed or have the option to upload the certificate and see the option for that specific certificate?
04-07-2022 02:56 PM
There are no CSRs listed and no option to upload anything. The new certificate is in the cert store as expected, serial number matches what it should be.
When looking at the serial number in the cert presented to Jabber, it matches the expired cert that is not visible anywhere in CM.
04-07-2022 03:16 PM
If the server restart doesn't do the trick, I'd suggest a TAC case as they might need to look at this with root to find out what's going on.
04-07-2022 03:22 PM
TAC has also recommended the restart. I was just curious if anyone had ever encountered this.
04-08-2022 05:53 PM
The restart fixed it on one node but not the other. We've moved everyone to the node that presents the correct certificate while working through it with TAC.
04-11-2022 02:25 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide