07-26-2010 11:05 PM - edited 03-19-2019 01:18 AM
Is it just me, or does CUPC8 ignore the certificate validation parameters passed via CUPS and/or the CSF registry (CcmcipServerValidation)? Not matter what I set in either place, the logs continuously reflect something like:
[CCMCIPProvider] [CCMCIPClient.fetchDevices(241)] - Unknown certification level, setting it to SELF_SIGNED_CERTS. Unknown level value:
[CCMCIPProvider] [CCMCIPClient.fetchDevices(244)] - Setting certification level to '1' (SELF_SIGNED_CERTS)
I’m assuming from the looks of this that the registry setting is bypassed in CUPC8 and it is supposed to get this from the CUPS server, but… no.
This presents something of a problem when trying use something besides a self-signed certificate on the CUCM... is this a known issue?
p.s. there appear to be similar implications for Unity Connection integration to CUPC, I have trouble using anything but self-signed certificates.. I must be missing something
08-05-2010 12:47 PM
We have run up against this exact problem. TAC told me it is a bug that has been reported and is in the state Development Engineer Pending. The only way I could get CUPC 8 to work for softphone and deskphone control was to revert to self-signed certs for Tomcat on the CUCM server. Hopefully they will get this fixed soon.
08-05-2010 01:00 PM
CSCth97316 - Cannot add 3rd party certificates to CSF keystore
CSCth97641 - CSF ignores CUP setting
Michael
08-05-2010 01:15 PM
The work around suggested in that bug does not work:
"Workaround:
If using CUPC, on CUP set server certificate validation to "Any Certificate" for CCMCIP and Meeting Place profiles used by CUPC"
No matter what is set in the server cert validation field on CUP for the CCMCIP profile, CUPC still errors with a CCMCIP certificate error. That's why you have to revert to self signed, because as the original poster said CUPC ignores these settings and only works with self signed certs.
08-05-2010 01:15 PM
That's good to get a couple more related bugs on this. We've been tracking CSCth98347 on the same issues, and were promised last week by TAC that a new release of CUPC8 would be released on CCO this week - there's still time for that yet I suppose, but we're waiting on this before rollout to all staff.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: