Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CUP Cisco Certificate Authority Proxy Function

I am having trouble getting the certificates to work in CUPS with exchange. I just tried to collect some logs and found on the trace configuration that

Cisco Certificate Authority Proxy Function shows as inactive and shows and n/a on the troubleshooting trace settings. How do I start this?

Thanks

4 REPLIES
VIP Super Bronze

Re: CUP Cisco Certificate Authority Proxy Function

CAPF is a UCM service and is unrelated to what you are attempting to do. Do not blindly start services without understanding what they do.

The most common fault with Exchange calendar integration is that you have not imported EVERY CA in the certificate chain of your Exchange OWA server. For example, the SSL certificate for the Cisco Support Community has two CAs in the chain: VeriSign Class 3 Public Primary Certificate Authority G2 and VeriSign Class 3 Secure Server CA G2. Both of these must be in the presence-trust store of the CUPS server. Your server certificate itself, should NOT be in the presence-trust store, only the issuing CAs in the chain.

If you have that correct, check that:

  • The certificate DN equals what you have configured in CUPS
  • That the CA bit is set on all of your issuing CAs in the chain. This shows up as "Is a certificate authority" under the Basic Certificate Constraints when viewed in Firefox.
  • That you do not have an Exhcnage 2003/2007 mixed environment (and thus have OWA redirection in use). A 4xx timout error in the CUPS log would suggest this is happening. You may need to do HTTP auth instead of forms-based auth.
Please remember to rate helpful responses and identify helpful or
New Member

Re: CUP Cisco Certificate Authority Proxy Function

ok this is what I have done so far

1) on my exchange server, clicked on Default web site , created a new certificate with a CN=labexchange.

2) sent this certificate to my CA (AD server) labad

3) open a web browser to owa and view the certificate, view the details for the certificate from labad and exported this certificate to a file

4) uploaded this certificate to the Presence trust site in CUPs

5) set the exchange gateway to the same name as the common name (labexchange)

6) set the login account for the gateway

7) restarted presence engine

I always get this error.


so what silly mistake have I made

can't seem to find where I get the certmgr logs

Thanks

VIP Super Bronze

Re: CUP Cisco Certificate Authority Proxy Function

3) open a web browser to owa and view the certificate, view the details for the certificate from labad and exported this certificate to a file

4) uploaded this certificate to the Presence trust site in CUPs

Which certificate did you view and upload: the labexchange certificate installed on your OWA server; or, the CA root certificate of your AD server? If you uploaded the former insted of the later, please re-read my previous answer.. you uploaded the wrong cert!

Please remember to rate helpful responses and identify helpful or
New Member

Re: CUP Cisco Certificate Authority Proxy Function

I uploaded the CA root certificate of the AD server ( so when I click on certification path it shows labad---labexchange

I click on labad (so top certificate) view and export

423
Views
0
Helpful
4
Replies