Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1353
Views
0
Helpful
9
Replies

CUPS 8.6 - Exchange Calender Integration

Go to solution
rajesh.kumar
Level 4
Level 4

‎01-22-2012 05:09 AM - edited ‎03-16-2019 09:08 AM

We have CUPS 8.6 on production, we are planning to integrate CUPC with exchange calender.

We have configured Presence gateway with AD users, AD users are configured Exchange view only, Receive As permissions ect.

Once we configured it, we are getting below error.

Exchange Reachability (pingable) Reachable
Exchange SSL Connection/Certificate Verification

We would like to know what cerificate is missing and what certificate needs to be installed on CUPS.

I have attached the screen shot of gateway configuration and certificate error.

Pls. suggest.

Labels:
Preview file
90 KB
Preview file
93 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to rajesh.kumar

‎01-22-2012 08:40 AM

Yes. You need to look at the certificate chain, and ensure all the certs involved are installed. If there are multiple server (i.e. that ISA-02 is not the root CA) then you need the intermediate server certs as well.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

View solution in original post

0 Helpful

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to rajesh.kumar

‎01-22-2012 02:05 PM

Hi

If the two cluster members share the SAME subject name/certificate (e.g. regardess of which one is active, you accces it via CAS-CLUSTER) then you don't need to import both.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni

‎01-22-2012 05:28 AM

Hi

From what I can gather CUPS can pull the certificates from your Exchange server if it has a certificate issued directly by a root CA, by lcking the 'accept certificate chain' option. If you have a cert issued by a subordinate CA (which is very common) it doesn't seem to work.

Here's what I do:

1) Browse to OWA, then click the 'padlock' icon in IE or Firefox to view the certificate details.

2) On one of the tabs, you can export that certificate.

3) You can also view the certificate chain, do this and then view each certificate in the chain. Export each one to a file.

4) Once done, go to OS admin, and upload all the certificates (some may already have been imported, but one will  be missing at least). Import them as presence-trust certificates.

Once that's all done you should be able to validate the cert chain in presence admin.

Aaron Harrison

Principal Engineer at Logicalis UK

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful

Go to solution
rajesh.kumar
Level 4
Level 4
In response to Aaron Harrison

‎01-22-2012 05:53 AM

Hi Aaron

I have did the same as you mentioned.

through OWA export the certificate and installed on CUPS through OS

Back in Gateway, I have  clicked "Configure" and checked Accept Cerificate Chain.

Exchange SSL Connection/Certificate Verification Missing Certificates 

I am getting same error.

Pls. advice.

I have attached the screenshot of OWA and CUPS certificate upload

Message was edited by: RAJESH KUMAR

Preview file
146 KB
0 Helpful

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to rajesh.kumar

‎01-22-2012 07:50 AM

Hi

In that cert2.jpg I don't see the cert for your the root CA (whatever that server is that ends in ISA-02 in the cert chain display).

You've highlighed something with CUPS in the hostame in the OS cert admin page - that looks like the CUPS  server certiicate, not your root CA.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful

Go to solution
rajesh.kumar
Level 4
Level 4
In response to Aaron Harrison

‎01-22-2012 08:30 AM

Thanks,

I have below certificate(CAS-CLUSTER)installed on CUPS, which is downloaded from OWA.

Under Cups OS certificate,

--------------------------------------

cup-trust    trust-certs    CAS-CLUSTER.pem    CAS-CLUSTER.der

What you suggest is, we also need to install root certificate form the server ends with ISA-02 ?

Pls. suggest.

Rgds

Rajesh

0 Helpful

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to rajesh.kumar

‎01-22-2012 08:40 AM

Yes. You need to look at the certificate chain, and ensure all the certs involved are installed. If there are multiple server (i.e. that ISA-02 is not the root CA) then you need the intermediate server certs as well.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful

Go to solution
rajesh.kumar
Level 4
Level 4
In response to Aaron Harrison

‎01-22-2012 08:47 AM

Thanks for the information,

ISA-02 is the root CA.

All the exchange CAS servered certificates are issued by ISA-02.

I will install exchannge CAS-CLUSTER ansd ISA-02 certifcate and update you.

One more question, we have ISA-01 and ISA-02 and CAS-CLUSTER (CAS-01 server, CAS-02 server), we need to install individual server certificate on CUPS ?

Thanks & Rgds

Rajesh

0 Helpful

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to rajesh.kumar

‎01-22-2012 02:05 PM

Hi

If the two cluster members share the SAME subject name/certificate (e.g. regardess of which one is active, you accces it via CAS-CLUSTER) then you don't need to import both.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful

Go to solution
rajesh.kumar
Level 4
Level 4
In response to Aaron Harrison

‎01-23-2012 11:00 AM

Dear Aaron

Thanks a lot. Problem resolved after installing certiface chain (root CA and cas-cluster) on CUPS.

Rgds

Rajesh

0 Helpful

Go to solution
joeharb
Level 5
Level 5
In response to rajesh.kumar

‎11-15-2012 02:01 PM

What if ICMP isn't allowed to the exchange server, does this have to be enabled for this to work?

Thanks,

Joe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents