Jabber Guest server Local SSL certificate

Similar Messages

• Message: Your Server's SSL certificate has expired. - Can no more login

  Hi,
  Since yesterday I can no more login into beehiveOnline via OBEE. Every time I try it the extension goes offline and tells me in a window that "Your Server's SSL certificate has expired.". If I try to relogin it takes some seconds but the window and message comes up again and again.
  It was working perfectly during the previous weeks, no issues at all. What do I have to do to get it solved?
  Thanks
  Volker

  Hello,
  I've set up OBEE for BeehiveOnLine usage today, without any issue (Monday 28 of June)
  May you retry please?
  Yesterday - Sunday - the system might be under maintenance.
  Thanks
  Fred

• The Server's SSL certificate has expired

  Hi,
  Today morning I accessed my mails with out any problems. After some time suddenly my outlook was disconnected and getting the message "The Server's SSL certificate has expired".Can any one help me out of this?
  Thanks,
  Prasad K

  Check if you have accidentally set your system date not to current.
  Edited by: user10788046 on Oct 22, 2010 8:16 PM

• Jabber GUest Server 10.5 Install and deploy

  HI,
  I try  to install and deploy my first jabber guest Server 10.5 .What I see is that I should use a secure sip trunk to the ucm ? is this really needed ?,because if I use secure sip trunk I have to install certs
  Could I deploy it without secure sip trunk ? and only use self cert between expressway c and e ?
  Thanks for your Information
  Josef

  Hi Josef,
  It is fine to configure SIP trunk on UCM to be non-secure. 
  Between C and E you just need to make sure there are CA-signed certs installed.  Doesn't matter which CA, could be your own.
  Hope this helps.
  Mike

• Jabber Guest Server Download

  Hi all,
  I will install jabber guest to run a demo on a customer, where can i download the jabber guest server iso file ?
  Thanks
  patcbr600

  Hi - the question is answered in this thread:
  https://supportforums.cisco.com/discussion/12243866/jabber-guest
  Mike

• Server 2008R2 - SSL Certificate Weak Public Key Strength

  Hello -
  I'm using a Windows 2008R2 server and am working on locking the system down. We use the BeyondTrust Retina Network Security Scanner, the scanner returns two results that I'm having trouble solving.
  The first is finding is:
  'SSL Certificate Weak Public Key Strength'
  "Retina has detected that the certificate on the target supports a  cryptographically weak public key strength. An attacker may be able to leverage weaknesses in the public key strength to gain access to sensitive information."
  "Replace the current certificate with one using a high-grade public key strength of 2048 bits of higher"
  **Does anyone have any ideas how to find all the certificates loaded on the machine that aren't at 2048 bits or higher, the system is a standalone machine without internet access**
  The second finding is:
  'SSL Certificate Self-Signed'
  "Retina has detected that the certificate on target is self-signed. Self-signed certificates can provide underlying cryptographic functionality, but cannot guarantee the origin of the certificate is trusted."
  "Verify the certificate is trusted to ensure the confidentiality and integrity of prior encrypted communications. Replace the current self-signed certificate with one signed by a trusted root certificate authority."
  **Anyone have any ideas how to find 'self-signed' certificates? I've tried searching through the certificates store on the local computer, but I can't seem to find a self-issued certificate, but Retina sure found some.**
  Any help would be greatly appreciated!!
  Thanks,
  Ryan

  A self signed certificate is a certificate which Subject attribute equals Issuer attribute. You can use below script to find selfsigned certificates which is selfsigned and public key is less than 2048 bits.
  Be aware that if you search in all possible certificate stores (including Trusted Root CA store) you will find a lot of self signed certificates. Please see my notes in powershell code.
  #Find self-signed certificate which keysize less than 2048. Uncomment one of the lines below
  #$myCerts = Get-Item Cert:\CurrentUser\My #search in Current User Store - Personal - this is the place to look in
  #$myCerts = Get-Item Cert:\LocalMachine\My #search in Local Machine Store - Personal - this is the place to look in
  #$myCerts = Get-Item Cert:\CurrentUser\* #search in Current User Store - this will bring a lot of cert list
  #$myCerts = Get-Item Cert:\LocalMachine\* #search in Local Machine Store - this will bring a lot of cert list
  $myCerts.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
  $myCertsList = Get-ChildItem $myCerts.PSPath
  $myCertsList | where {$_.Subject -like $_.Issuer -and $_.PublicKey.Key.KeySize -lt 2048} | select * #self-signed and less then 2048
  $myCerts.Close()
  Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

• Server 3 / SSL Certificate / Open Directory - Problem!

  We've updated from Server 2 to Server 3 / OS X 10.9.
  We have an SSL certificate for server from Comodo.
  Under Server 2, all worked just fine, with the SSL certificate being used to secure all services (configure via Server app).
  Under Server 3, all works just fine, but Open Directory will not accept certificate - so Certificates / Settings in Server 3 app shows "Custom Configuration" for Settings - and on inspecting this it is because Open Directory set to be not secured but everything else is using SSL.
  I've tried setting the Open Directory to use the SSL, but when ever I do it simply bounces back to being unsecured.
  Does this matter?  Presumably it should be possible (as the standard setting appears to try and set Open Directory to use the SSL certificate), but not sure whether trying to fix is simply a fools errand.
  Anyone got any clues as to whether to fix or not, and if to fix, how?
  Thanks in advance.

  Have you check to see that the certificate is indeed "Trusted" by your server?
  Above, you stated that they're in the etc/certificates folder, but that doesn't mean that the server likes them.  You can create a "Self Signed" Certificate and still have certificates in there.  That doesn't mean that anyone else on the planet has to trust them.
  Open Keychain Access in your utilities folder.  Depending on how you have it configured, you may have to look around to find the certificate in question.  It may be under login, or System. 
  When you select your Certificate, if it's there, does it show as trusted?
  Another thing you can check...  Often times Certificate authories, use Intermdeiate certificates.  Since anyone can sell a certificate, in order to have it trusted, you need to have it signed by someone else.  A good example is Godaddy.  They sell both SSL and Code signing certificates of all flavours.  In order to get them to be trusted, the "Intermediate Certificate" needs to also be installed in the keychain.  My Godaddy cert looks to be trusted by Verisign via an intermediate.
  Have a look here...  https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid =1182
  Not sure if it's directly relevant, but there it is.
  The point is, I think you need to verify that your certificate is trusted by your server.  OD won't use an untrusted certificate. 
  --an afterthought--  Anything in the logs?
  Open up your server window where you try to select the certificate for OD.  Also, in another window open up the terminal.  In terminal, type:
  tail -f /var/log/system.log
  In the server window try to select the certificate and click done.  See what the output in terminal says.

• How to install SSL certificate on Mac OS X 10.8.3 Server 2.2

  Hi,
  In eairler versions of !0.8 / OS X Server 2.2 your where able to install a purchased SSl certificate in the
  Hardware >> Profile Manager Server >> Settings >> SSL Certificate Edit
  I've just done a clean install of 10.8.3 and OS X Server 2.2 but there is no  "SSL Certificate Edit" available.
  How do I install my purchased certificate?
  Thanks,
  John

  sorry for hijacking but I have a related question to do with certificates.
  I had to set up virtual domains manually instead of through the GUI and the server ssl site is now locked to a certificate that is about to expire and no longer needed, I can't change the certificate in the web gui because it was created manually, I can't delete the certificate because it is assigned to the server ssl website and I can't manually edit the conf files to point to a different certificate becasue it breaks it, any ideas?

• My first Jabber Guest link not working

  So I believe I have everything set up correctly for Jabber Guest, but when I browse to the link I created I either get the Expressway Edge login page, or if I'm logged in to the Exp I get "The requested URL /call/8888 was not found on this server."  Maybe I'm confused on how the domains are supposed to work together, but shouldn't I be able to use the FQDN of the Expressway Edge in my Jabber Guest links?  Thanks!  Mike

  From the Cisco Jabber Guest Server 10.0 Installation and Configuration Guide:
  The Cisco Expressway-E administrator currently uses port 80 and therefore, incoming requests from the Cisco Jabber Guest client to Cisco Expressway-E on port 80 need to be remapped to port 9980 using a firewall (or similar) in front of Cisco Expressway-E.
  The Cisco Expressway-E administrator currently uses port 443 and therefore, incoming requests from the Cisco Jabber Guest client to Cisco Expressway-E on port 443 need to be remapped to port 9443 using a firewall (or similar) in front of Cisco Expressway-E.

• SSL certificates not visible while RFC destination creation

  Hi all,
  I am setting up an RFC destination to connect to external server and which uses SSL certificates for its authorization.
  So i have imported the Client certificates into STRUST.
  While setting up an RFC connection of type G, in the security tab when we select the SSL security certificate radio button, will we be able to see the certificates(in the combo box) that we have imported in STRUST.
  Currently, though i have imported the Client certificates into STRUST, i am not able to see them in the SS security certificates combo box.
  Kindly help me out.
  Cheers,
  Siva Maranani.

  Well, first of all we should avoid confusion by using the term "<i>ABAP destination</i>" rather than "<i>RFC destination</i>" (although ABAP transaction SM59 still has this old title).
  When referring to an "ABAP destination of type G" we are talking of an outbound http connection to a non-ABAP server (e.g. an SAP J2EE server or any other http server).
  I'm not sure whether you are aware that in this context "<i>SSL client certificate</i>" refers to the ABAP <u>system</u> (which is the SSL client in this scenario). This is different from scenarios where "X.509 client certificate" refers to a certificate which is assigned to an individual <u>user</u> (using a web browser). <b>In the given scenarios, where two systems are the communication peers, SSL cannot be used for user authentication.</b> That fact is often misunderstood.
  By default you'll find 3 different SSL certificates (actually: PSEs) in an ABAP system (which can be used only after enabling SSL, of course - see note 510007 for instructions):
    - SSL Server
    - SSL Client (anonymous)
    - SSL Client (Default)
  Well, the "<i>SSL Client (anonymous)</i>" is actually not really a "client certificate" but used for outgoing http requests where you do not intend to send your own SSL client certificate. Since you cannot use the server's SSL client certificates for user authentication it might make sense to use "<i>SSL Client (anonymous)</i>" is most cases.
  Please notice: you have to add the server's SSL certificate (respectively the root CA certificate and potentially intermediate CA certificates) to the certificate list of the "<i>SSL Client (anonymous)</i>" PSE (using STRUST). By default, that list is empty - consequently no SSL server certificate is trusted (in contrast to a web browser which is already shipped with a long list of "trusted CAs").
  Only when the (remote) server demands SSL client certificates it might make sense to use either "<i>SSL Client (Default)</i>" or to define a new SSL client certificate (for the ABAP system that submits the https request).
  Please notice:
  SSL client certificates need to be issued by an Certification Authority (CA) in order to be accepted by the SSL server.
  In addition to importing the SSL server's certificate to the certificate list of the SSL client PSE (see above: <i>anonymous SSL client</i>) you also need to export the root CA certificate (and potentially all intermediate CA certificates) of the SSL client certificate and import it to the (remote) SSL server's keystore (kindly refer to the manuals of that server for instructions).
  Kind regards, Wolfgang
  PS: I assume that you have imported some certificates to the certificate list of a SSL client PSE. In SM59 only those SSL client PSEs are listed: "<i>SSL Client (anonymous)</i>", "<i>SSL Client (Default)</i>" and all SSL client PSEs that you might have defined in addition (using transaction STRUST => <i>Environment</i> => <i>SSL Client Identities</i>).

• Jabber Guest Software is missing

  Dear All,
  I could not find Jabber Guest Server software under downloads page. I would appreciate if one else also verify this.
  Regards,

  Dear Jaime,
  Thank you for your reply. But l am struggling to find Jabber Guest software on downloads page.
  Are you able to find Jabber Guest software on Cisco downloads page?
  Regards,

• SSL Certificate & Local Access

  Hi everyone,
  I'm currently in the process of re-keying exchange with a new certificate.
  Currently, outlook clients have the following configuration:
  Mail Server: server01.domain.local
  HTTP Proxy: exchange.domain.com.au
  Therefore the current SSL is keyed for:
  Primary: exchange.domain.com.au
  Alternate: server01.internal.local, autodiscover.domain.com.au, autodiscover.internal.local
  With the old certificate, this is fine - however from November the 1st 2015 SSL authorities are allowing only external fully qualified domain names.
  Therefore the SSL can ONLY be key for:
  Primary: exchange.domain.com.au
  Alternate: autodiscover.domain.com.au
  This means that when connecting to exchange server01.domain.local I receive an error stating the the name on the certificate does not match the name of the host (because it's connecting locally).
  Is there any way of adjusting configuration in Exchange for users to connect to the external exchange.domain.com.au even though they are local? I would obviously need to update autodiscover etc also
  Cheers,
  Anthony

  There are two possible solutions using SSL certificate from public and pricate 
  1. Use ssl cert from public CA for public domain name (exchange.domain.com.au) on Reverse proxy servers like ISA or TMG for external access. and use Internal CA for internal names on exchnage server (server01.internal.loca)
  or
  2.You can create another site using separate NIC card on exchange server. Use Internal CA certificate on Default site and public CA certificate on New site.

• SQL Server cannot Find SSL Certificate

  We need help solve an issue we are having with SQL Server 2008 recognizing certificates (for supporting SSL communications) we generate through the MakeCert.exe utility. We have followed all instructions available in the MSDN SQL Server 2008 online books, including using the mmc console utility to verify that the certificates are valid, but the certificates we make fail to be seen by the SQL Server 2008 Configuration Management application.

  Hi,
  I’m not sure what instructions you read from MSDN. Do you follow the steps described in http://msdn.microsoft.com/en-us/library/ms191192.aspx?  If not, please try it. Additionally, I suggest you refer to the following content from MSDN:
  For SQL Server to load a SSL certificate, the certificate must meet the following conditions:
  1. The certificate must be in either the local computer certificate store or the current user certificate store.
  2. The current system time must be after the Valid from property of the certificate and before the Valid to property of the certificate.
  3. The certificate must be meant for server authentication. This requires the Enhanced Key Usage property of the certificate to specify Server Authentication (1.3.6.1.5.5.7.3.1).
  4. The certificate must be created by using the KeySpec option of AT_KEYEXCHANGE. Usually, the certificate's key usage property (KEY_USAGE) will also include key encipherment (CERT_KEY_ENCIPHERMENT_KEY_USAGE).
  5. The Subject property of the certificate must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer. If SQL Server is running on a failover cluster, the common name must match the host name or FQDN of the virtual server and the certificates must be provisioned on all nodes in the failover cluster.
  If there are any more questions, please let me know.
  Thanks.
  ***Xiao Min Tan***Microsoft Online Community***

• Can't find SSL certificate in SQL server configuration manager?

  Hi 
  It's been 2 days and I need a help. I have visited a number of sites and I still can't make it work
  Two severs I have: Windows 2012 Standard with SQL 2008 R2 and SQL 2012 
  I am trying to set it up on SQL 2008 R2 right now. 
  I have a certificate from a CA and did the followings.
  1. Open MMC
  2. Add Certificates Snap-in as a computer account (In fact, I tried all the three accounts)
  3. Right click-on Personal folder and All taks and Import 
  4. Installed the certificate with Certificate import Wizard
  5. The certificate shows up under Personal/Certificates and Trusted Root Certification Authorities/Certificates
  I did this with a local administrator account as well as MSSQL account(SQL Server service account I created). Even though the server is part of domain, SQL server is set up with local accounts. 
  This is a simply summary. I tried everything in the article such as 'Create Custom Request'. 
  I am not sure what I am missing. Why can't I see the certificate in SQL Server configuration manager? 
  I even made MSSQL (service account) as administrator. Not working.  
  as I am not using the domain service account, I believe below is not relevant. 
  Missing detail on "Install a certificate in the Windows certificate store..."
  When following recommended security procedures and running SQL server under a domain service account, the service will fail to start after assigning a certificate to the protocols.  This is because the service account does not have permissions to read
  the private key.  Fix this in the Certificates MMC snap-in (preferably right after installing the certificate.)  Select the certificate you just imported, then in the Action menu select "Manage private keys."  Grant the domain service
  account read access to the private key of the server certificate.
  Below is the few of reference I looked at.. 
  https://support.microsoft.com/en-us/kb/316898/
  https://msdn.microsoft.com/en-us/library/ms191192(d=printer).aspx
  https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
  http://www.mssqltips.com/sqlservertip/3299/how-to-configure-ssl-encryption-in-sql-
  http://blogs.msdn.com/b/sqlserverfaq/archive/2010/05/28/inf-permissions-required-for-sql-server-service-account-to-use-ssl-certificate.aspx

  Hi Dinesh 
  Thanks for the reply. 
  I did looked into the both sites as well. but it did not work. 
  Below is the step to install SQLs server certificate. and I was stuck with Step 9. when click 'next' in the wizard, I am not getting into a place to select 'computer' as certificate type. 
  Do you know what is wrong please? 
  Open the Microsoft Management Console (MMC): click Start, then click Run and in the Run dialog box type: MMC
  On the File menu, click Add/Remove Snap-in...
  Select Certificates, click Add.
  You are prompted to open the snap-in for your user account, the service account, or the computer account. Select the Computer Account.
  Select Local computer, and then click Finish.
  Click OK in the Add/Remove Snap-in dialog box.
  Click to select the Personal folder in the left-hand pane.
  Right-click in the right-hand pane, point to All Tasks, and then click Request New Certificate...
  Click Next in the Certificate Request Wizard dialog box. Select certificate type 'Computer'.
  You can enter a friendly name in text box if you want or leave it blank, then complete the wizard.
  Now you should see the certificate in the folder with the fully qualified computer domain name

• Renew SSL Certificate for for two Exchange 2010 Server and the new rules.

  I find DigitCert's website always helpful with cert questions.They've got a pretty helpful page here: https://www.digicert.com/internal-names.htmIt looks like they've got a tool for Exchange, but I've not used it myself, so can't say if it works or how well: https://www.digicert.com/internal-domain-name-tool.htmI bet Microsoft have something on their website too that helps with this sort of question.I'd say you register a completely new domain and use that for public facing and internal servers. Or you could just create a sub domain of an existing one, i.e. subdomain.mydomain.com and use that, i.e. public_exchange.subdomain.mydomain.com and internal_exchange.subdomain.mydomain.com.

  Hi there , 
  My exchange 2010 Server Certificate is about to expire and i am going to renew it but according to the new rules for SSL Certificate Issuing we can not include our Local Servers Names and Local FQDN such as myserver.contoso.local, my issue is that i have 2 exchange servers one is internet-facing Server (where the certificate is initiated and installed) and one is non-internet-facing Exchange server.
  if i am going to renew my certificate with public only name, I have to create a split Domain that reflects my external links to the internal Users, what shall i do for the non-internet-facing server? do i need to create another record in my split DNS Server and add it to my Certificate Request ? 
  This topic first appeared in the Spiceworks Community