Setting Up Certificate Validation for Jabber clients

johnhsnow · ‎07-24-2014

Hi:

I would like to get certificates signed from private internal CA for Jabber clients. Cisco documentation says it requires HTTP/Tomcat for CUPS, HTTP/Tomcat for CUCM and UCXN[8.6].

The exiting Tomcat certificate has these two files: tomcat.pem, tomcat.der and a bunch of tomcat-trust certificates as well with associated files.

My question is is there any harm in generating a new tomcat certifcate or could I just generate CSR's for the two existing Tomcat files to be signed? When you generate a new Tomcat certificate does it create or overwrite the .pem and .der? I don't want to break anything in this process so looking for some feedback.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_2_5/JABW_BK_CAAD3F25_00_cisco-jabber-for-windows-release-notes/JABW_BK_CAAD3F25_00_cisco-jabber-for-windows-release-notes_chapter_011.html

Jonathan Schulenberg · ‎07-26-2014

Generating a CSR for the Tomcat certificate and installing the signed certificate will replace the .pem/.der file you see listed. Once you sign the CSR and upload the final certificate, you'll need to restart Cisco Tomcat from the CLI for it to pickup the new cert. Anything that is in a -trust store is something that server will accept during a TLS/SSL handshake, not something it uses itself.