cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1319
Views
0
Helpful
4
Replies

CUPC8 + CCMCIP + certificates

Is it just me, or does CUPC8 ignore the certificate validation parameters passed via CUPS and/or the CSF registry (CcmcipServerValidation)?  Not matter what I set in either place, the logs continuously reflect something like:

[CCMCIPProvider] [CCMCIPClient.fetchDevices(241)] - Unknown certification level, setting it to SELF_SIGNED_CERTS.  Unknown level value:
[CCMCIPProvider] [CCMCIPClient.fetchDevices(244)] - Setting certification level to '1' (SELF_SIGNED_CERTS) 

I’m assuming from the looks of this that the registry setting is bypassed in CUPC8 and it is supposed to get this from the CUPS server, but… no.

This presents something of a problem when trying use something besides a self-signed certificate on the CUCM... is this a known issue?

p.s. there appear to be similar implications for Unity Connection integration to CUPC, I have trouble using anything but self-signed certificates.. I must be missing something

4 Replies 4

tosgood
Level 1
Level 1

We have run up against this exact problem. TAC told me it is a bug that has been reported and is in the state Development Engineer Pending. The only way I could get CUPC 8 to work for softphone and deskphone control was to revert to self-signed certs for Tomcat on the CUCM server. Hopefully they will get this fixed soon.

htluo
Level 9
Level 9

CSCth97316 -  Cannot add 3rd party certificates to CSF keystore

CSCth97641 - CSF ignores CUP setting

Michael

http://htluo.blogspot.com

The work around suggested in that bug does not work:

"Workaround:

If using CUPC, on CUP set server certificate validation to "Any Certificate" for CCMCIP and Meeting Place profiles used by CUPC"

No matter what is set in the server cert validation field on CUP for the CCMCIP profile, CUPC still errors with a CCMCIP certificate error. That's why you have to revert to self signed, because as the original poster said CUPC ignores these settings and only works with self signed certs.

That's good to get a couple more related bugs on this. We've been tracking CSCth98347 on the same issues, and were promised last week by TAC that a new release of CUPC8 would be released on CCO this week - there's still time for that yet I suppose, but we're waiting on this before rollout to all staff.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: