[cisco-voip] Call Manager, Jabber, and Certificates

Matthew Loraditch MLoraditch at heliontechnologies.com
Thu Mar 19 08:42:55 EDT 2015


I'm not sure that interpretation is a correct description of the process. All ssl certs indicate their issuer. As long as your device trusts that issuer, it trusts certificates from that issuer.
For example if you go to https://www.cisco.com and look at their cert on a window box you will see the certification path goes to a Baltimore CyberTrust root with is included in Windows built in trusted roots supplied by Microsoft.
Jabber works the same way it presents the various CUCM/IM&P/UCXN SSL certs to your PC and your PC verifies them against what it already trusts.

It's not pushing anything by my understanding.


Matthew G. Loraditch - CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518

Facebook<https://www.facebook.com/heliontech?ref=hl> | Twitter<https://twitter.com/HelionTech> | LinkedIn<https://www.linkedin.com/company/helion-technologies?trk=top_nav_home> | G+<https://plus.google.com/+Heliontechnologies/posts>

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Joe Loiacono
Sent: Thursday, March 19, 2015 8:29 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Call Manager, Jabber, and Certificates


Jabber documentation indicates that the Certificate that the client may require and is 'pushed' from  Call Manager is a 'root certificate' that directs the Client to a trusted source that will validate the server's (Call Manager hosts) offered certificate.

If the Call Manager certificate is from a public trusted Certificate Authority(CA), and that CA is in the Windows certificate store, can the Certificate 'push' be avoided altogether?

Thanks,

Joe Loiacono
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150319/78e57e1a/attachment.html>


More information about the cisco-voip mailing list