Guest

Cisco Jabber for Mac

Jabber for MAC Certificate Warning Troubleshoot

Document ID: 116430

Updated: Sep 11, 2013

Contributed by Christos Georgiadis, Cisco TAC Engineer.

   Print

Introduction

This document describes a problem with Cisco Jabber for Macintosh (MAC) Version 8.x where a certificate warning appears upon user login and presents three different solutions to the problem.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Cisco Jabber for MAC
  • Certificate Management on Cisco Unified Communications Servers
  • MAC Operating Systems (OS)

Components Used

The information in this document is based on Cisco Jabber for MAC Version 8.x.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Problem

When you attempt to log in to Cisco Jabber for MAC, this certificate warning dialog appears:

Solution

This section describes the three solutions used in order to remove the certificate warning from Cisco Jabber for MAC Version 8.x.

User Intervention

You must check the Always trust check box in order to add the self-signed certificate from the Cisco Unified Presence Server (CUPS) to the list of trusted certificates. This must be done for all of the self-signed certificates that are presented.

Note: You must enter the password of the MAC OS X administrator account in order to import the certificates.

Self-Signed Certificates

If Cisco Unified Presence (CUP) is configured with self-signed certificates, then the administrator can complete these steps:

  1. Extract the self-signed certificate from the CUPS: navigate to Cisco Unified OS Administration > Security > Certificate Management, click the Tomcat certificate (tomcat.pem), and click Download.
  2. Repeat step one for all other servers, where applicable, such as Cisco Unity and Cisco Unified Meetingplace.
  3. Concatenate the certificates into a single file with .pem as the extension (companyABCcertificates.pem for example).
  4. Send the file to the users and ask them to double-click it in order to add it to the list of trusted certificates.

Note: The user must enter the password of the MAC OS X administrator account in order to import the certificates.

Third-Party Certificates

If CUP is configured in order to use third-party signed certificates, the administrator can complete these steps:

  1. Ensure that the root certificate, along with any intermediate certificates, is uploaded to all CUP servers. Navigate to Cisco Unified OS Administration > Security > Certificate Management, and verify that tomcat-trust and cup-xmpp-trust contain the root Certificate Authority (CA) certificate chain. Click the corresponding .pem or .der file in order to verify.
  2. Ensure that you upload the signed certificates on all CUP servers: navigate to Cisco Unified OS Administration > Security > Certificate Management, and verify that all servers use the third-party signed certificates for tomcat and cup-xmpp.

    Note: Once the files are uploaded, a reboot is required in order for the changes to take effect.

  3. If applicable, ensure that the remaining servers (Cisco Unity, Cisco Unified Meetingplace) are also configured in order to use third-party signed certificates.
  4. Ensure that the root certificate of the CA, along with any intermediate certificates, is already installed on the MAC OS X.

Troubleshoot

If the certificate warning message still appears when you attempt to log in to Cisco Jabber for MAC, click the Show certificate button in order to find more details on the certificate presented, and collect a problem report.

Related Information

Updated: Sep 11, 2013
Document ID: 116430