This document describes a problem with Cisco Jabber for Macintosh (MAC) Version 8.x where a certificate warning appears upon user login and presents three different solutions to the problem.
Cisco recommends that you have knowledge of these topics:
- Cisco Jabber for MAC
- Certificate Management on Cisco Unified Communications Servers
- MAC Operating Systems (OS)
The information in this document is based on Cisco Jabber for MAC Version 8.x.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
When you attempt to log in to Cisco Jabber for MAC, this certificate warning dialog appears:
This section describes the three solutions used in order to remove the certificate warning from Cisco Jabber for MAC Version 8.x.
You must check the Always trust check box in order to add the self-signed certificate from the Cisco Unified Presence Server (CUPS) to the list of trusted certificates. This must be done for all of the self-signed certificates that are presented.
If Cisco Unified Presence (CUP) is configured with self-signed certificates, then the administrator can complete these steps:
- Extract the self-signed certificate from the CUPS: navigate to Cisco Unified OS Administration > Security > Certificate Management, click the Tomcat certificate (tomcat.pem), and click Download.
- Repeat step one for all other servers, where applicable, such as Cisco Unity and Cisco Unified Meetingplace.
- Concatenate the certificates into a single file with .pem as the extension (companyABCcertificates.pem for example).
- Send the file to the users and ask them to double-click it in order to add it to the list of trusted certificates.
If CUP is configured in order to use third-party signed certificates, the administrator can complete these steps:
- Ensure that the root certificate, along with any intermediate certificates, is uploaded to all CUP servers. Navigate to Cisco Unified OS Administration > Security > Certificate Management, and verify that tomcat-trust and cup-xmpp-trust contain the root Certificate Authority (CA) certificate chain. Click the corresponding .pem or .der file in order to verify.
- Ensure that you upload the signed certificates on all CUP servers: navigate to Cisco Unified OS Administration > Security > Certificate Management, and verify that all servers use the third-party signed certificates for tomcat and cup-xmpp.
- If applicable, ensure that the remaining servers (Cisco Unity, Cisco Unified Meetingplace) are also configured in order to use third-party signed certificates.
- Ensure that the root certificate of the CA, along with any intermediate certificates, is already installed on the MAC OS X.
If the certificate warning message still appears when you attempt to log in to Cisco Jabber for MAC, click the Show certificate button in order to find more details on the certificate presented, and collect a problem report.