We have both internal and external staff using Jabber for instant messaging. We started on version 9.2 for Windows and have periodically upgraded, the most recent version deployed is 9.7.2 for a handful of staff, most staff are on 9.6.
Certificate management has always been a bit awkward. Remote staff connect to connect.ourorganisation.com.au which NATs off a public IP to the internal CUPS server. Internal staff can use that address too, but auto detect works and some staff (particularly IT) enter the short unqualified hostname of the CUPS server to connect to it.
We recently became aware that remote staff using the outside FQDN to access the server have lost access in the wake of a client upgrade. Because these are most commonly smartphone users who periodically tap "update" to suggested updates, they've been upgraded past what appears to be the point where a optional prompt to accept the CUPS certificate (with short hostname.IM domain name) has gone and they are just refused access to the server with "unable to discover server address"
I've researched around and can't find clear instructions on how to cut a new certificate for the server so that clients can connect again, and I'm pretty annoyed that this fundamental change to the way we connect to IM became mandatory and blocked off a bunch of our staff. How do I create an FQDN certificate (self signed, the attack surface from a MIM or evil twin here for an instant messaging service is stupidly small) and apply it to the server so that it identifies itself in a way that post 9.2(?) clients can connect?
Hi friend, I'm trying to test the access to jabber IM from the internet. I have nat the CUPS server with a public IP Address and open the required ports (5222/5223/8443), but the smartphones (android devices) cannot connect. Is it possible to do that?
Did you ever resolve Jabber external access? I'm trying to accomplish the same thing with CUPS 8.6 but not making any progress. I can telnet to the server on ports 8443 and 5269 but Jabber client will not connect.
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...
The below trick might come handy when you have to add a new node to a cluster but you don't have or is unsure of the security password for the publisher. This procedure has been around for ages.
1) Login into the CLI of the Publisher.