J4W 9.2.6 and Jabber for Mobile 9.6 : Certificate Management

Driss BENATTOU · ‎02-18-2014

Hello,

I have deployed 2 Cisco IM & P servers 9.1.1. When client jabber log in, the server presents 3 certificates (IM&P Pub, IM&P Sub, CUCM) to be validated and saved in local trust store.

What are the certificates that I have to sign against the Private CA ? Or Do I only upload Root CA of the company into IM&P servers ?

Gonzalo Gasca Meza · ‎02-19-2014

Hi Driss,

Per my understanding the certificates that are presented are the Tomcat self-signed Certificates that are created during CUPS Pub&Sub and CUCM installation.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_2/JABW_BK_C9731738_00_jabber-windows-install-config/JABW_BK_C9731738_00_jabber-windows-install-config_chapter_01001.html

Here I see you have 3 options:

a) Complex: Install thirdparty certs in your CUCM/CUPS servers, those certs should be issued by a Certificate Authority which root certificate is already part of your Truststore in Mobile client (Example: Verisign, Godaddy, etc.)

This process in CUCM/CUPS has been there for a while, you can look up how to install third party certs for CUCM/CUPS. Process is very straight forward, you generate a CSR (Tomcat), provide the CSR to your CA and then obtain the new cert, once you have the new cert, import it to your CUCM. The CA must be a trusted one by your clients (Example: Verisign, Godaddy, etc)

b) Simple: Import those default Tomcat CUCM/CUP self-signed certificates into your Desktops/Mobile clients trust store.

c) Annoying: Educate users to select Accept certificates

-Gonzalo

Driss BENATTOU · ‎02-20-2014

Hi Gonzalo,

Thank you for your reply. I'm trying to execute the first action plan. But, I'm facing some issues that I'm trying to resolve with TAC. Once finished, I will update the post.

Thanks

Driss