Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Certificates not working

Unanswered Question
Nov 10th, 2013
User Badges:

I have added godaddy certificates to the CUP, CUCM and Unity Servers.  All are installed correctly because TAC installed them for me.  The https web pages respond properly on all servers and even the Jabber for MAC clients no longer prompt for certificates however the Jabber for PC clients still do not recognize the certficates.  I have verified that the certificates are being presented to the clients and are valid in addition I have verified the host name matches and the root and intermediate certificates are installed on the servers.

Jabber for MAC version: 9.2.1 147214

Jabber for PC version: 9.2.6 12639

CUP Server Version 8.6.2 10000

All the latest versions.

Any ideas...

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jasmeet Sandhu Sun, 11/10/2013 - 19:24
User Badges:
  • Cisco Employee,

Hey Michael,

Was this process followed to generate the cup-xmpp cert:

Provide XMPP Domain to Clients:


Step 1   Open the administration interface for your presence server, as follows:
Cisco Unified Communications Manager IM and Presence
Open the Cisco Unified CM IM and Presence Administration interface.
Cisco Unified Presence
Open the Cisco Unified Presence Administration interface.
Step 2   Select System > Security > Settings.
Step 3   Locate the XMPP Certificate Settings section.
Step 4   Specify the presence server domain in the following field: Domain name for XMPP Server-to-Server Certificate Subject Alternative Name.
Step 5   Select the following checkbox: Use Domain Name for XMPP Certificate Subject Alternative Name.
Step 6   Select Save.

Best Regards,


mterruso@random... Sun, 11/10/2013 - 20:35
User Badges:

We did but then after regenerating the cup-xmpp CSR and rekeying the certificate we receive an error stating that the subject CN does not match.  This should not be needed.  The MAC clients work fine.  The PC clients do not.


This Discussion

Related Content