[cisco-voip] Call Manager, Jabber, and Certificates

Joe Loiacono jloiacon at csc.com
Thu Mar 19 09:18:50 EDT 2015


Thanks Matt - I agree with your process description.

CUCM has a capability to 'push' a certificate down to the Jabber clients. I
confess I don't know enough about it - wondering if it is only required
when the CUCM server certificate is 'self-signed'.

Joe



From:	Matthew Loraditch <MLoraditch at heliontechnologies.com>
To:	Joe Loiacono/USA/CSC at CSC, "cisco-voip at puck.nether.net"
            <cisco-voip at puck.nether.net>
Date:	03/19/2015 08:43 AM
Subject:	RE: [cisco-voip] Call Manager, Jabber, and Certificates



I’m not sure that interpretation is a correct description of the process.
All SSL certs indicate their issuer. As long as your device trusts that
issuer, it trusts certificates from that issuer.
For example, if you go to https://www.cisco.com and look at their cert on a
Windows box, you will see the certification path goes to a Baltimore
CyberTrust root which is included in Windows built-in trusted roots supplied
by Microsoft.
Jabber works the same way: it presents the various CUCM/IM&P/UCXN SSL certs
to your PC and your PC verifies them against what it already trusts.

It’s not pushing anything by my understanding.


Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518


From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of
Joe Loiacono
Sent: Thursday, March 19, 2015 8:29 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Call Manager, Jabber, and Certificates



Jabber documentation indicates that the Certificate that the client may
require and is 'pushed' from Call Manager is a 'root certificate' that
directs the Client to a trusted source that will validate the server's
(Call Manager hosts) offered certificate.

If the Call Manager certificate is from a public trusted Certificate
Authority (CA), and that CA is in the Windows certificate store, can the
Certificate 'push' be avoided altogether?

Thanks,

Joe Loiacono
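
The issuer-trust check described in Matthew's reply, reproduced with the openssl command line as an added example (not part of the original thread, and not Cisco's or Jabber's own code). All certificate names are constructed, and the second root stands in for a client trust store that lacks the issuing CA.

```shell
# Constructed demo; every name below (Example-Private-Root, Other-Root,
# cucm.example.test) is made up for illustration.

# make_root DIR CN: create a throwaway self-signed root CA in DIR.
make_root() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
}

# issue_server DIR CN: issue a server certificate signed by DIR's root.
issue_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -days 1 -CAcreateserial \
        -CA "$1/root.pem" -CAkey "$1/root.key" \
        -out "$1/server.pem" 2>/dev/null
}

# chain_trusted TRUSTFILE CERT: succeed only if CERT chains to a root in
# TRUSTFILE. (openssl may also consult the system store, which contains
# neither constructed root.)
chain_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d)
    make_root "$work/issuer" "Example-Private-Root"
    issue_server "$work/issuer" "cucm.example.test"
    make_root "$work/other" "Other-Root"   # a store that lacks the issuer

    if chain_trusted "$work/issuer/root.pem" "$work/issuer/server.pem"; then
        echo "issuer root in trust store: server certificate accepted"
    fi
    if ! chain_trusted "$work/other/root.pem" "$work/issuer/server.pem"; then
        echo "issuer root missing: server certificate rejected"
    fi
    rm -rf "$work"
}

demo
```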
