[cisco-voip] Jabber Users Prompted To Accept Webex Cert

[Gary Parker]

Morning all, a few years back we had a problem where lots of our managed Windows service users were complaining that their Jabber clients had started rejecting a certificate offered by idbroker.webex.com

This thread on community.cisco.com (https://community.cisco.com/t5/unified-communications/jabber-idbroker-webex-com-certificate-request-during-the-first/td-p/3216376) showed we weren’t the only ones, but that it seemed limited to managed clients.

We solved this by adding the EXCLUDED_SERVICES=WEBEX flag to the installer on our managed clients.

Fast forward to today and we suddenly have a load of service desk cases from users again. Nothing has changed in our configuration of Jabber client, IM&P servers or expressways. The clients haven’t been updated recently, and this time we’re also seeing the “Certificate not valid” pop-up on unmanaged Windows machines as well as our managed service. The cert that’s being rejected has validity start date of late September, so it doesn’t appear to be a cert that’s only just been brought into use.

Is anyone else seeing this today?

As a workaround I’ve added:

<ServiceDiscoveryExcludedServices>WEBEX</ServiceDiscoveryExcludedServices>

...to our jabber-config.xml, but that will require users to manually reset their clients. Not sure why I hadn’t done earlier ¯\_(ツ)_/¯