[cisco-voip] Recommendation For Certificate Provider For Jabber/Presence Use
Heim, Dennis
Dennis.Heim at wwt.com
Thu Feb 5 13:27:55 EST 2015
For those windows clients you can run the following:
certutil -verify -urlfetch <Path-to-CUPS-tomcat-cert.cer>
That should show why the certificate is failing validation. If you use an internal ca to sign your certs include the following subject alternative names:
DNS:<FQDN>
DNS:<Hostname>
DNS:<IP-Address>
IP:<IP-Address>
I find that overkill usually helps certs validate.
A few other things:
-If using internal certificates, make sure that the AIA and CRL is published outside of Active Directory (aka via URL)
-Make sure your template is supporting Server AND Client authentication.
If you are using MRA, then the Expressway-E is the only entity the should require and external certificate.
Hope this helps.
Dennis Heim | Emerging Technology Architect (Collaboration)
World Wide Technology, Inc. | +1 314-212-1814
"Innovation happens on project squared" -- http://www.projectsquared.com
-----Original Message-----
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Gary Parker
Sent: Thursday, February 05, 2015 11:24 AM
To: Cisco VoIP Group
Subject: [cisco-voip] Recommendation For Certificate Provider For Jabber/Presence Use
Hi folks, I’m in the process of replacing a load of self-signed certs on my 8.6.x CUCM, CUC and CUP servers.
I’ve been having issues getting certs with the correct KeyUsage extensions from our current provider and wondered if anyone could recommend a company who can provide certificates that honour the requirements in the CSRs generated by the Cisco Unified Communications servers.
I’m particularly interested in certificates that contain the "digitalSignature, nonRepudiation,keyEncipherment,dataEncipherment” extensions as per:
http://blog.warcop.com/2015/01/22/cisco-jabber-certificate-warning-again/
Jabber for Windows clients 9.2.5 and greater are flagging invalid certificates on our currently installed TERENA certificates.
---
/-Gary Parker----------------------------------f--\
| Unified Communications Service Manager |
n Loughborough University IT Services |
| Tel: +441509635635 Mob: +447989172258 o
| http://delphium.lboro.ac.uk/pubkey.txt |
\r----------------------------------------------d-/
More information about the cisco-voip
mailing list