Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

jabber for windows 9.2.6 client

hi

i have just upgraded some of my cisco jabber for windows clients to the latest release 9.2.6 (upgraded from 9.2.3)

i noticed that the first time the client startsup i get certificate warnings for our CUCM-PUB, SUB, CUC device and CUPS server. (all version 8.6)

all use the standard cisco SSL certificate (have not deployed 3rd party SSL certificates)

is there a way to get all these certificates trusted by the client machines, it has never prompted me before and works fine with 9.2.3

on the mac clients i have added them to the keychain when i first deployed the clients (manual job) but i like to see if i can automate this for my 30 windows clients (the users will not click on this themselves and will use it as an excuse not to load jabber (they don't like the call window pop ups but that is something for jabber 9.6 client

any idea how to get these certificates trusted by the windows computers (we have an 2008 r2 active directory so could do something with an group policy and or use our own internal windows certificate authority)

many thankss

Everyone's tags (4)
19 REPLIES
New Member

jabber for windows 9.2.6 client

Hi,

Certificate validation is feature that was started from 9.2.5 version, so this behavior is expected.

Regards,

Srdjan

New Member

jabber for windows 9.2.6 client

is there is a clever way to get these standard cisco certificates trusted on all my computers rather than having to start changing the SSL certificates to trusted 3rd party certifficates or using Windows Certificate Authority)

i tried importing the certificates but it needs to root certifcate trusted, i tried to import those on a client computer but hte jabber client still did not accept the certificate automatically.

many thanks

New Member

jabber for windows 9.2.6 client

You can do both.

You can deploy certs with GPO and store them into Enterprise container. Also you can issue new certs to CUCM, CUP, UC... by your CA.

In this second case, when you are filling connection settings, important thing is that you specify exact value what says in a cert.

For example, if CA issues a cert cupname.mydomain.com, you have to write exact the same into server field. Not just cupname.

New Member

jabber for windows 9.2.6 client

so i have my own windows enterprise CA on windows 2008 r2 server and i thought i would submit the CSR request to that but i ran into the following issue (preferably over using GPO as we also have mac clients that have the same SSL trust issue and i cannot resolve that issue via GPO for the mac clients)

btw there is no option to specify any of those values you mention when creating a CSR on unity connection server, it just takes the information from the unity server configuration but it seems correct so it is not an issue

here is my post in the UC section

https://supportforums.cisco.com/thread/2245955

if you have any ideas how to get around this that would be great

many thanks

New Member

jabber for windows 9.2.6 client

thanks for all the response

i had to create the certificate using the cli on my windows CA

certreq -submit -attrib "CertificateTemplate:WebServer"

but it worked

on the cups server it also seems i need to create an XMPP SSL certificate

would i use the same WebServer template as i did for tomcat or should i use a different template? does it matter

cuc, cups tomcat are now all running using the new windows CA certificate

just need to do the XMPP and then cucm-sub and pub

New Member

jabber for windows 9.2.6 client

I must say that I don't follow. But I'll tray to explain.

First create a srv request on you UC/CUCM/CUP then, paste that request to your CA.

Here later you will download the cert also.

Now you click on a Request a certificate. And on a next page "advanced... "

Paste the request. For User template choose Web Server.

Now download it.

And install it on your UC. Also you will have to install root cert also.

So this shouls be that.

When you start the jabber on a domain machine everything should work just fine.

If it's not... be free to ask again.

New Member

jabber for windows 9.2.6 client

I'll deployed our self signed certificates using certutil.

Commands:

certutil -f -addstore "trust" "\\server\Certificates\cert1.cer"

certutil -f -addstore "trust" "\\server\Certificates\cert2.cer"

certutil -f -addstore "trust" "\\server\Certificates\cert3.cer"

certutil -f -addstore "trust" "\\server\Certificates\cert4.sem"

J4W 9.2.6 seems to work quite good and stable. Now I will create a vb script that deletes the local photo cache, so the pictures are updated when changed on the website.

Come on Cisco, we are still waiting for call pickup feature and HL support.

Thanks

Kristian

New Member

jabber for windows 9.2.6 client

i created the SSL certificate for the cucm-pub and sub and restarted the tomcat service

when the jabber client starts up it still shows up a mismatch for hte SSL certificate for hte cucm pub and sub

the certificate is for cucm-pub.domain.com and but the jabber client is expecting uk-cucm-sub (without .domain)

i cannot see how i can change the cucm-pub to be listed as cucm-pub.domain.com for the certificate mismatch to go away

funnily enough the mac client has no such issues and it loads the client just fine without complaining about the SSL certificates and happily accepts the cucm-pub.domain.com ssl certificates

many thanks

New Member

jabber for windows 9.2.6 client

Why doesn't the CISCO jabber client have CISCO root CA's built in?  We are running with the webex connect hosted back end, this is an all Cisco solution.  Why do I have to import root CA's from CUCM?

New Member

jabber for windows 9.2.6 client

i replaced all the self signed certificates and replaced them with enterprise CA signed certificates for

cuc (vmail)

cucm-pub (call manager)

cucm-sub (call manager)

cups-pub (presence  server)

(all tomcat) and restarted the tomcat services on all these devices

on the cups-pub I also made the xmpp domain name changes (same domain as call manager. unity connection and windows domain) and created cup-xmpp and cup-xmpp-s2s certificates on the enterprise CA signed certificates and restarted the up xcp router service

when i start up the mac clients 9.2.1 everything works fine and all ssl certificates are automatically trusted.

on the windows client 9.2.6 it accepts the unity connection and presence server ssl certificates (quitely) but both call manager certificates brings up a prompt, but when you click on show certificate and click on certification path it shows the certificate is ok and trusted by the enterprise CA.

i checked the server names of the cucm boxes (uk-cucm-pub.domain.com and uk-cucm-sub.domain.com and all is fine

when i browse to the ccmadmin interface on those servers there is no SSL prompt and it shows the SSL certificate is trusted.

i am stumped, i could manually accept these certificates but i am trying to make this as seamless as possible for our end users (mac users are all happy)

any tricks or things to check?

New Member

jabber for windows 9.2.6 client

It seams that this really doesn't work. I raised a bug regarding CUCM popup window. So we can track this issue. ID of a bug is CSCul27120

New Member

jabber for windows 9.2.6 client

Hi, did you work out how to sign the cup-xmpp certificates?  We are using a Windows 2008R2 Enterprise CA and I don't see any templates that match the intended purposes listed in the self-signed cup-xmpp certificate.  I hesitate to use the Web-Server template like I did for the CUCM, CUC, and CUPS Tomcat certificates.  We are running Presence 8.6.4.  Thanks!

New Member

jabber for windows 9.2.6 client

i have exactly same setup (2008 r2 enterprise CA and cups 8.6.4_ and used webserver template just like for tomcat certificates

i had same reservations but decided to bite the bullet and it worked out fine

Bronze

jabber for windows 9.2.6 client

I also ran into the issue of Jabber looking for the hostname and not the FQDN.  Looks like you can add an alternative name to the web-security section of the CLI. 

Here's the doc I'm referencing.

https://supportforums.cisco.com/docs/DOC-6119

Basically had to specify the new cert info, including the optional alt name.  Then I had to regenerate the certificates, download the CSR and import into Microsoft Cert services and download and install.

It all looks good, except for my three cup related certs.  I've regenerated a few times and it keeps adding the following to alternative name, even after I specify the new one.

1) Server.domain.local (dNSName)

2) sip:CN=Server.domain.local (dNSName)

I need a third one to have

3) Server

Still chugging on this.

JB

New Member

jabber for windows 9.2.6 client

when i run show web-security i get this

admin: show web-security
[
  Version: V3
  Serial Number: 441991719279266168307794
  SignatureAlgorithm: SHA1withRSA (1.2.840.113549.1.1.5)
  Issuer Name: CN=mydomain-CA, DC=mydomain, DC=com
  Validity From: Mon Oct 28 15:32:30 GMT 2013
           To:   Wed Oct 28 15:32:30 GMT 2015
  Subject Name: CN=uk-cucm-pub.mydomain.com, OU=IT, O=mydomain, L=London, ST=London, C=GB
  Key: RSA (1.2.840.113549.1.1.1)
    Key value: 3082010a0282010100d2a01565f2533b3602158e83fede75fef2751aa957902e0e556e814bb7e6aaed5d5138b6cf3d87d59f5c4be2740ab9f5dc3318a34ab551daa817f6ccd562c3c628f75ef278ed81bbd816ec44d178da86850c3bdd74b727cde092616e7674785c45efc88e98ba4d89da97fc92ac2901f41c23ed692460a1d64c171a6d5613dfe2e1bab2b82f5f1a5d9fe55b067e858a0d2cd48a8be59c9e54cccdac1238acd2738128626252b3e69198fc852217f930d6cd2bc6a3481452be355bae6c6ccfc7d5e86a39ff7b0304cfb53e1555ccc8c4224cf661f912946b4e0db2926991d704f65cd92546155048cecb0f11c5046f743434d1577cbb4c175611acdf2fbf33bfb30203010001
  Extensions: 7 present
  [
     Extension: ExtKeyUsageSyntax (OID.2.5.29.37)
     Critical: false
     Usage oids: 1.3.6.1.5.5.7.3.1,
  ]
  [
     Extension: KeyUsage (OID.2.5.29.15)
     Critical: false
     Usages: digitalSignature, keyEncipherment,
  ]
  [
     Extension: SubjectKeyIdentifier (OID.2.5.29.14)
     Critical: false
     keyID: 8e9c68b7e4acc73c6734b1df3d9ca0a7ccb7183d
  ]
  [
     Extension: AuthorityKeyIdentifier (OID.2.5.29.35)
     Critical: false
     keyID: 88c4622540d7efbbdac1af207249c77c287f9c6c
  ]
  [
     Extension: CRLDistributionPoints (OID.2.5.29.31)
     Critical: false
     [
     distributionPoint
        fullName: 1 names
          1) ldap:///CN=mydomain-CA,CN=UK-CA,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mydomain,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint (uri)

     [
  ]
  [
     Extension: AuthorityInfoAccessSyntax (OID.1.3.6.1.5.5.7.1.1)
     Critical: false
     [
     accessMethod: 1.3.6.1.5.5.7.48.2
     accessLocation: ldap:///CN=mydomain-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mydomain,DC=com?cACertificate?base?objectClass=certificationAuthority (uri)
     [
  ]
  [
     Extension:  (OID.1.3.6.1.4.1.311.20.2)
     Critical: false
     Value: 04141e12005700650062005300650072007600650072  ]

  Signature:
lots of text
]-----BEGIN CERTIFICATE-----
certificate characters
-----END CERTIFICATE-----

no sign of subject alternate names in those details so am not sure how i would change this

on your cucm system are your host details listed as ip address or host name, mine are listed as ip address and perhaps the certificate mismatch is caused by these settings?

Host Name/IP Address Description
10.33.2.20 PUBLISHER
10.33.2.21 SUBSCRIBER 1

if the cucm servers were listed as uk-cucm-pub or uk-cucm-pub.mydomain.com and uk-cucm-sub.mydomain.com perhaps it would accept the certificates

web-security
[
  Version: V3
  Serial Number: 441991719279266168307794
  SignatureAlgorithm: SHA1withRSA (1.2.840.113549.1.1.5)
  Issuer Name: CN=Accel-CA, DC=accel, DC=com
  Validity From: Mon Oct 28 15:32:30 GMT 2013
           To:   Wed Oct 28 15:32:30 GMT 2015
  Subject Name: CN=uk-cucm-pub.accel.com, OU=IT, O=Accel, L=London, ST=London, C=GB
  Key: RSA (1.2.840.113549.1.1.1)
    Key value: 3082010a0282010100d2a01565f2533b3602158e83fede75fef2751aa957902e0e556e814bb7e6aaed5d5138b6cf3d87d59f5c4be2740ab9f5dc3318a34ab551daa817f6ccd562c3c628f75ef278ed81bbd816ec44d178da86850c3bdd74b727cde092616e7674785c45efc88e98ba4d89da97fc92ac2901f41c23ed692460a1d64c171a6d5613dfe2e1bab2b82f5f1a5d9fe55b067e858a0d2cd48a8be59c9e54cccdac1238acd2738128626252b3e69198fc852217f930d6cd2bc6a3481452be355bae6c6ccfc7d5e86a39ff7b0304cfb53e1555ccc8c4224cf661f912946b4e0db2926991d704f65cd92546155048cecb0f11c5046f743434d1577cbb4c175611acdf2fbf33bfb30203010001
  Extensions: 7 present
  [
     Extension: ExtKeyUsageSyntax (OID.2.5.29.37)
     Critical: false
     Usage oids: 1.3.6.1.5.5.7.3.1,
  ]
  [
     Extension: KeyUsage (OID.2.5.29.15)
     Critical: false
     Usages: digitalSignature, keyEncipherment,
  ]
  [
     Extension: SubjectKeyIdentifier (OID.2.5.29.14)
     Critical: false
     keyID: 8e9c68b7e4acc73c6734b1df3d9ca0a7ccb7183d
  ]
  [
     Extension: AuthorityKeyIdentifier (OID.2.5.29.35)
     Critical: false
     keyID: 88c4622540d7efbbdac1af207249c77c287f9c6c
  ]
  [
     Extension: CRLDistributionPoints (OID.2.5.29.31)
     Critical: false
     [
     distributionPoint
        fullName: 1 names
          1) ldap:///CN=Accel-CA,CN=UK-CA,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=accel,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint (uri)

     [
  ]
  [
     Extension: AuthorityInfoAccessSyntax (OID.1.3.6.1.5.5.7.1.1)
     Critical: false
     [
     accessMethod: 1.3.6.1.5.5.7.48.2
     accessLocation: ldap:///CN=Accel-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=accel,DC=com?cACertificate?base?objectClass=certificationAuthority (uri)
     [
  ]
  [
     Extension:  (OID.1.3.6.1.4.1.311.20.2)
     Critical: false
     Value: 04141e12005700650062005300650072007600650072  ]

  Signature:
  0000: 90 e8 32 00 2e f3 58 ec 18 20 6d 54 0a 49 9c ce [..2...X.. mT.I..]
  0010: 94 90 02 6e 2f 15 1e f2 c3 6c 45 96 14 8e ff 25 [...n/....lE....%]
  0020: 39 db 50 08 03 3b 48 a3 c7 69 7a 03 76 d1 e3 3d [9.P..;H..iz.v..=]
  0030: 73 94 08 7c d3 13 f2 7c 58 ff ba 26 47 ed 6a 50 [s..|...|X..&G.jP]
  0040: 9d 80 f8 64 cc dd 34 9f 95 32 3f 7f 32 04 f4 8b [...d..4..2?.2...]
  0050: 86 e3 9d 23 03 06 06 ad f2 1b e0 0a a6 ed c0 3d [...#...........=]
  0060: d4 dd 57 0f 61 d3 2b 14 d1 d0 3e c4 3a e3 df ac [..W.a.+...>.:...]
  0070: c7 b8 dd 37 ba e2 e6 aa 35 a1 9b 7d 27 b8 d0 5a [...7....5..}'..Z]
  0080: d9 cc d9 89 90 e0 72 de b1 32 4d d2 fc c8 2e c0 [......r..2M.....]
  0090: a1 f9 57 8e b7 9d 1d 00 d8 a8 4d 26 ed c6 92 f6 [..W.......M&....]
  00a0: 99 7a 1c ee 58 8d 76 20 7b af a1 54 0b 57 c3 d3 [.z..X.v {..T.W..]
  00b0: 92 1f 64 d0 04 22 ae 17 c2 2a 1d d1 83 e0 c3 85 [..d.."...*......]
  00c0: 67 4e 94 67 65 e8 e2 39 87 ef 78 f7 41 7e bd 34 [gN.ge..9..x.A~.4]
  00d0: 79 8d be ae 45 5c 56 73 1d 6c 02 bf 3a 93 b4 a9 [y...E\Vs.l..:...]
  00e0: f8 80 76 f1 ad 42 6e 42 cd 54 00 1e ca c5 b8 98 [..v..BnB.T......]
  00f0: 05 a4 dd 3c 89 47 7b 4a 61 af 4b 32 2c 0c 96 a6 [...<.G{Ja.K2,...]

]-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIKXZhrSwAAAAAAUjANBgkqhkiG9w0BAQUFADA/MRMwEQYK
CZImiZPyLGQBGRYDY29tMRUwEwYKCZImiZPyLGQBGRYFYWNjZWwxETAPBgNVBAMT
CEFjY2VsLUNBMB4XDTEzMTAyODE1MzIzMFoXDTE1MTAyODE1MzIzMFowbDELMAkG
A1UEBhMCR0IxDzANBgNVBAgTBkxvbmRvbjEPMA0GA1UEBxMGTG9uZG9uMQ4wDAYD
VQQKEwVBY2NlbDELMAkGA1UECxMCSVQxHjAcBgNVBAMTFXVrLWN1Y20tcHViLmFj
Y2VsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANKgFWXyUzs2
AhWOg/7edf7ydRqpV5AuDlVugUu35qrtXVE4ts89h9WfXEvidAq59dwzGKNKtVHa
qBf2zNViw8Yo917yeO2Bu9gW7ETReNqGhQw73XS3J83gkmFudnR4XEXvyI6Yuk2J
2pf8kqwpAfQcI+1pJGCh1kwXGm1WE9/i4bqyuC9fGl2f5VsGfoWKDSzUiovlnJ5U
zM2sEjis0nOBKGJiUrPmkZj8hSIX+TDWzSvGo0gUUr41W65sbM/H1ehqOf97AwTP
tT4VVczIxCJM9mH5EpRrTg2ykmmR1wT2XNklRhVQSM7LDxHFBG90NDTRV3y7TBdW
EazfL78zv7MCAwEAAaOCAgkwggIFMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1Ud
DwQEAwIFoDAdBgNVHQ4EFgQUjpxot+SsxzxnNLHfPZygp8y3GD0wHwYDVR0jBBgw
FoAUiMRiJUDX77vawa8gcknHfCh/nGwwgcIGA1UdHwSBujCBtzCBtKCBsaCBroaB
q2xkYXA6Ly8vQ049QWNjZWwtQ0EsQ049VUstQ0EsQ049Q0RQLENOPVB1YmxpYyUy
MEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9
YWNjZWwsREM9Y29tP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmpl
Y3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCBuAYIKwYBBQUHAQEEgaswgagw
gaUGCCsGAQUFBzAChoGYbGRhcDovLy9DTj1BY2NlbC1DQSxDTj1BSUEsQ049UHVi
bGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlv
bixEQz1hY2NlbCxEQz1jb20/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNz
PWNlcnRpZmljYXRpb25BdXRob3JpdHkwIQYJKwYBBAGCNxQCBBQeEgBXAGUAYgBT
AGUAcgB2AGUAcjANBgkqhkiG9w0BAQUFAAOCAQEAkOgyAC7zWOwYIG1UCkmczpSQ
Am4vFR7yw2xFlhSO/yU521AIAztIo8dpegN20eM9c5QIfNMT8nxY/7omR+1qUJ2A
+GTM3TSflTI/fzIE9IuG450jAwYGrfIb4Aqm7cA91N1XD2HTKxTR0D7EOuPfrMe4
3Te64uaqNaGbfSe40FrZzNmJkOBy3rEyTdL8yC7AoflXjredHQDYqE0m7caS9pl6
HO5YjXYge6+hVAtXw9OSH2TQBCKuF8IqHdGD4MOFZ06UZ2Xo4jmH73j3QX69NHmN
vq5FXFZzHWwCvzqTtKn4gHbxrUJuQs1UAB7KxbiYBaTdPIlHe0phr0syLAyWpg==
-----END CERTIFICATE-----
Bronze

jabber for windows 9.2.6 client

This is how I changed mine.

admin:set web-security ?

Syntax:

set web-security orgunit orgname locality state [country] [alternatehostname]

orgunit  mandatory   organizational unit

orgname  mandatory   organizational name

locality mandatory   location of organization

state    mandatory   state of organization

country  optional   country code can not be changed

alternatehostname  optional   alternate host name

I opened a TAC case to resolve this as well.  In Cluster Topology I was asked if I used hostname or FQDN.  Also sent other settings to check for FQDN versus Hostname.  Sent this link as well.

http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_2_5/JABW_BK_CAAD3F25_00_cisco-jabber-for-windows-release-notes_chapter_011.html

More to come.

New Member

jabber for windows 9.2.6 client

my cisco integrator (insight in the UK) emailed me this and having checked all these settings i noticed an issue with the TFTP server hostname/ip address mismatch

How to Prevent Identity Mismatch

When a Jabber Client attempts to connect to a server with an IP address and the server certificate identifies the server with an FQDN, the client cannot identify the server as trusted and prompts the user. So, if your server certificates identify the servers with FQDNs, you will need to specify the server name as FQDN throughout many places on your servers.

In the table below you will find all of the places that need to specify the server name as it appears in the certificate, whether it be IP address or FQDN.

Server

Location – Setting much Match Certificate

Cisco Jabber Clients

Login Server Address (Differs for clients, Normally under Connection Settings)

Cisco Unified Presence (8.x and below)

**All Node Names (System -> Cluster Topology)

**WARNING: Make sure if you change this to FQDN you can resolve this via DNS or servers will get stuck in starting state!!

TFTP Servers (Application -> Cisco Jabber -> Settings)

Primary and Secondary CCMCIP (Application -> Cisco Jabber -> CCMCIP Profile)

Voicemail Host Name (Application -> Cisco Jabber -> Voicemail Server)

Mailstore Name (Application -> Cisco Jabber -> Mailstore)

Conferencing Host Name(Application -> Cisco Jabber -> Conferencing Server) (Meeting Place Only)

XMPP Domain (See Section Provide XMPP Domain to Clients below)

Cisco Unified Communications Manager IM and Presence (9.x and above)

**All Node Names (System -> Cluster Topology)

**WARNING: Make sure if you change this to FQDN you can resolve this via DNS or servers will get stuck in starting state!!

TFTP Servers (Application -> Cisco Jabber -> Settings)

Primary and Secondary CCMCIP (Application -> Legacy Clients -> CCMCIP Profile)

XMPP Domain (See Section Provide XMPP Domain to Clients below)

Cisco Unified Communications Manager (8.x and below)

Server Name (System -> Server) (**Only if Secure SIP**)

Cisco Unified Communications Manager (9.x and above)

Server Name (System -> Server) (**Only if Secure SIP**)

IM and Presence Server (User Management -> User Settings -> UC Service -> IM and Presence)

Voicemail Host Name (User Management -> User Settings -> UC Service -> Voicemail)

Mailstore Name (User Management -> User Settings -> UC Service -> Mailstore)

 

Conferencing Host Name ((User Management -> User Settings -> UC Service -> Conferencing) (Meeting Place Only)

Cisco Unity Connection (All Versions)

No Change needed

i checked everything and i had an IP listed for the TFTP servers and not the FQDN, i changed this to FQDN and exited the jabber clients and launched them and now it is working fine, no more SSL notifications.

interestingly i also only had the ip address for the CUC voicemail host name listed but this seems to make no difference, it is the mailstore that is important (should have FQDN listed) but i will change it anyway

New Member

jabber for windows 9.2.6 client

We got this working by doing a couple things.  First, using the web server template worked to generate the certificate.  Thanks for the informtion on that.  Next, our vendor upgraded our Presence server from  8.6.4 to 8.6.5, and all of a sudden it could process subject alternate names.  I also added the XMPP domain under System > Security Settings, even though documentation makes it sound like that will be needed for vesion 9.x, not 8.x.  Last there was a profile using ip's instead of fqdn's for the call managers so clients continued to get certificate errors until that was fixed.

So things seemed to work in this order: 1) update Presence server 2) add XMPP domain 3) regenerate all Presence certs and use web server template in Windows CA, and 4) make sure FQDN's used instead of ip's.

Thanks everyone!

New Member

jabber for windows 9.2.6 client

Hello Steve,

I posted this  question here

https://supportforums.cisco.com/message/4044007#4044007

Asking about what settings you use under 2) Add XMPP Domain

Can you comment on this?

Thanks

6468
Views
5
Helpful
19
Replies
CreatePlease login to create content