Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco Jabber for Windows Certificate Issues

Hi,

 

I have configured a Cisco Jabber with device security mode "Encrypted". Once I use this mode I am getting a error message in Cisco Jabber as:

"The certificate enrollment for secure computer calling has not been activated. Contact your system administrator."

The softphone feature is not working because of this.

 

Do you have any fix for this issue?

 

Thanks,

VJ

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Super Bronze

Is your CUCM cluster setup

Is your CUCM cluster setup for mixed mode? If yes, what enrollment method did you chose as soft phones only support Authentication String. Only physical phones will have a MIC to do CAPF enrollment by.

VIP Super Bronze

This is expected behavior.

This is expected behavior. The authentication string is a one-time shared secret to build a TLS tunnel during CAPF enrollment. The first client who entered the authentication code is given an X.509 certificate to use for subsequent CCM registration. If the device security profile is set to Authenticated or Encrypted, that X.509 certificate is required for the CSF device to register/work.

Unless you're using Windows roaming profiles or some other mechanism to make the user certificates portable between devices (e.g. smart cards??), you're stuck. IMO, tell the user they only get a laptop and can attach an external monitor when they're at the office.

6 REPLIES
VIP Super Bronze

Is your CUCM cluster setup

Is your CUCM cluster setup for mixed mode? If yes, what enrollment method did you chose as soft phones only support Authentication String. Only physical phones will have a MIC to do CAPF enrollment by.

New Member

Hi Jonathan,Thank you for

Hi Jonathan,

Thank you for your response. The CUCM cluster is setup in Mixed Mode. If you talking about Authentication Mode in Phone Security Profile for Cisco Jabber then it is set for "By Null String".

 

Thanks,

Vaijanath S.

New Member

Hi Jonathan, Thank you for

Hi Jonathan,

 

Thank you for your help. The issues is now resolved after using the authentication string.

 

Thank you,

Vaijanath

New Member

Hi Jonathan, As I have

Hi Jonathan,

 

As I have mentioned in earlier response that the jabber is now working by setting Authentication String. But the problem now I am facing is there is no simultaneous ring on desk phone and jabber. i.e. Jabber and desk phone are configured with same extension. when someone dials this extension it rings on desk phone only.

 

Thanks,

Vaijanath

New Member

Hi Jonathan, I have one more

Hi Jonathan,

 

I have one more issue with Cisco Jabber using authentication string. The authentication string works fine with the Jabber and softphone functionality is working.

Now the problem is: if the single user has two Jabber clients, one installed on laptop and second on desktop, the authentication string window is presented to the jabber client which logs in first. For example is I login from my laptop the window pops up to enter the authentication string. But now when I open the Jabber on my desktop it doesn't give me option to enter the authentication string and the softphone doesn't work.

 

Thanks,

Vaijanath

VIP Super Bronze

This is expected behavior.

This is expected behavior. The authentication string is a one-time shared secret to build a TLS tunnel during CAPF enrollment. The first client who entered the authentication code is given an X.509 certificate to use for subsequent CCM registration. If the device security profile is set to Authenticated or Encrypted, that X.509 certificate is required for the CSF device to register/work.

Unless you're using Windows roaming profiles or some other mechanism to make the user certificates portable between devices (e.g. smart cards??), you're stuck. IMO, tell the user they only get a laptop and can attach an external monitor when they're at the office.

2388
Views
0
Helpful
6
Replies
CreatePlease to create content