[cisco-voip] Recommendation For Certificate Provider For Jabber/Presence Use

Heim, Dennis Dennis.Heim at wwt.com
Thu Feb 5 13:27:55 EST 2015


For those Windows clients you can run the following:

certutil -verify -urlfetch <Path-to-CUPS-tomcat-cert.cer>

That should show why the certificate is failing validation. If you use an internal CA to sign your certs, include the following subject alternative names:
DNS:<FQDN>
DNS:<Hostname>
DNS:<IP-Address>
IP:<IP-Address>

I find that overkill usually helps certs validate.

A few other things:
- If using internal certificates, make sure that the AIA and CRL are published outside of Active Directory (aka via URL)
- Make sure your template is supporting Server AND Client authentication.

If you are using MRA, then the Expressway-E is the only entity that should require an external certificate.

Hope this helps.



Dennis Heim | Emerging Technology Architect (Collaboration)
World Wide Technology, Inc. | +1 314-212-1814


"Innovation happens on project squared" -- http://www.projectsquared.com


-----Original Message-----
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Gary Parker
Sent: Thursday, February 05, 2015 11:24 AM
To: Cisco VoIP Group
Subject: [cisco-voip] Recommendation For Certificate Provider For Jabber/Presence Use

Hi folks, I’m in the process of replacing a load of self-signed certs on my 8.6.x CUCM, CUC and CUP servers.

I’ve been having issues getting certs with the correct KeyUsage extensions from our current provider and wondered if anyone could recommend a company who can provide certificates that honour the requirements in the CSRs generated by the Cisco Unified Communications servers.

I’m particularly interested in certificates that contain the “digitalSignature, nonRepudiation,keyEncipherment,dataEncipherment” extensions as per:

http://blog.warcop.com/2015/01/22/cisco-jabber-certificate-warning-again/

Jabber for Windows clients 9.2.5 and greater are flagging invalid certificates on our currently installed TERENA certificates.

---
/-Gary Parker----------------------------------f--\
|     Unified Communications Service Manager      |
n       Loughborough University IT Services       |
|     Tel: +441509635635  Mob: +447989172258      o
|     http://delphium.lboro.ac.uk/pubkey.txt      |
\r----------------------------------------------d-/
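
The checklist from this thread (the four KeyUsage bits, Server and Client authentication EKU, the four SAN entries, and AIA/CRL reachable by URL) as an added example that is not part of the original posts. It assumes the input is the text printed by `openssl x509 -in <cert> -noout -text`, reads "via URL" as an http(s) URI, and uses a constructed sample with placeholder names and addresses.

```python
import re

# Constructed sample: trimmed `openssl x509 -noout -text` output for a
# hypothetical CUPS tomcat certificate (placeholder names and addresses).
SAMPLE = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:cups01.example.com, DNS:cups01, IP Address:192.0.2.10
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:ldap:///CN=Example-CA,CN=CDP,DC=example,DC=com
            Authority Information Access:
                CA Issuers - URI:http://pki.example.com/Example-CA.crt
"""

def extension(text, title):
    """Return the indented body printed under an extension title, or ''."""
    pattern = r"^( +)(?:X509v3 )?%s:.*\n((?:\1 +.*\n?)+)" % re.escape(title)
    m = re.search(pattern, text, re.M)
    return m.group(2) if m else ""

def check(text, fqdn, host, ip):
    """List every item from the thread's checklist that the cert fails."""
    findings = []
    ku = extension(text, "Key Usage")
    for bit in ("Digital Signature", "Non Repudiation",
                "Key Encipherment", "Data Encipherment"):
        if bit not in ku:
            findings.append("KeyUsage missing: " + bit)
    eku = extension(text, "Extended Key Usage")
    for use in ("TLS Web Server Authentication", "TLS Web Client Authentication"):
        if use not in eku:
            findings.append("EKU missing: " + use)
    san = {s.strip() for s in extension(text, "Subject Alternative Name").split(",")}
    for want in ("DNS:" + fqdn, "DNS:" + host, "DNS:" + ip, "IP Address:" + ip):
        if want not in san:
            findings.append("SAN missing: " + want)
    # Assumption: "via URL" means an http(s) URI, not an ldap:// one.
    for title in ("CRL Distribution Points", "Authority Information Access"):
        if not re.search(r"URI:https?://", extension(text, title)):
            findings.append(title + ": no http(s) URL")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE, "cups01.example.com", "cups01", "192.0.2.10"):
        print(finding)
```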



