Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Jabber 9.7 certificate validation

Hello all,

 

I'm trying to get Certificate validation working with J4W 9.7 using IMP v9.1. I was able to get all the Tomcat certs working but struggling on the xmpp cert.

I'm following this guide 

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-presence/116917-technote-certificate-00.html

I have the following questions in relation to xmpp cert

 

  • when i create the CSR do i use cup-xmpp or do i use cup-xmpp-s2s ?
  • The document in the URL above references near the bottom "Provide XMPP Domain to Clients" if our environment uses the same "presence domain" that the server is in I presume i leave this section blank? Example our presence domain is .example.local and the presence server is in "example.local" both nodes in the cluster are using FQDN of "server.example.local"

Thanks

 

 

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions

CSR for cup-xmpp has to be

CSR for cup-xmpp has to be used.

cup-xmpp-s2s is "server to server" communication for inter domain federation.

 

The domain part is very important.

XMPP server certificates have to contain the jabber domain.

If your IM&P server is cups1.example.local and your presence domain is example.local the jabber id will be like user1@example.local. When Jabber connects to the xmpp server the certificate has to be valid for "example.local". A certificate which is only valid for cups1.example.local will create a validation error.

Cisco Employee

You would need to generate

You would need to generate the CSR for cup-xmpp

 

Refer to this doc for more info http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-presence/116917-technote-certificate-00.html

2 REPLIES

CSR for cup-xmpp has to be

CSR for cup-xmpp has to be used.

cup-xmpp-s2s is "server to server" communication for inter domain federation.

 

The domain part is very important.

XMPP server certificates have to contain the jabber domain.

If your IM&P server is cups1.example.local and your presence domain is example.local the jabber id will be like user1@example.local. When Jabber connects to the xmpp server the certificate has to be valid for "example.local". A certificate which is only valid for cups1.example.local will create a validation error.

Cisco Employee

You would need to generate

You would need to generate the CSR for cup-xmpp

 

Refer to this doc for more info http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-presence/116917-technote-certificate-00.html

454
Views
10
Helpful
2
Replies