This document describes how to resolve a Cisco Click to Call certificate warning.
Cisco recommends that you have knowledge of these topics:
- Cisco Click to Call
- Cisco Unified Communications Manager (CallManager) (CUCM)
The information in this document is based on these software and hardware versions:
- Cisco Click to Call, Release 7.x and 8.x
- Microsoft Windows XP and Microsoft Windows 7
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
You might see this Security Alert when you place a call with Cisco Click to Call:
If you encounter the certificate mismatch issue, you should:
- Ensure that the certificate is installed into either the 'current user' or 'local machine' Trusted Root Certification Authorities store. Refer to Certificate Installation for details.
- Ensure that the address given to the server in the Preferences field is the same as the certificate. For example, Click to Call might have the server configured with an IP address, but the certificate might be for a fully qualified domain name (FQDN). Although both point to the same CUCM, the certificate comparison fails. These two names must be the same in order to fix the mismatch.
To view the certificate in a browser, enter the CUCM address in the address bar; a notification for the certificate appears next to the address bar.
You must install the CUCM certificate in the Trusted Root Certification Authorities folder on every client computer that is running Click to Call. You can install the certificate:
- At the local machine level, so that the certificate is available to all users of the machine.
- At the current user level, so that the certificate is available to that user only.
Local Machine Level
In order to install the certificate at the local machine level, you can use a tool such as the Microsoft Certificate Manager Tool. For example, enter this command:
certmgr /add /c example.cer /s /r localMachine root
Local Account Level
This procedure describes how to install the certificate at the local account (current user) level:
- Click Start > Control Panel > Internet Options, then click the Content tab.
- Click Certificates.
- Click the Trusted Root Certification Authorities tab.
- Click Import.
- Follow the steps in the Certificate Import Wizard in order to import the certificate. You must install the certificate to the Trusted Root Certification Authorities folder rather than the default folder.