You will face lots of issue and problems on Jabber, if your certification process not completed correctly.
Please easily follow up below steps to be sure that your certificates are correct and fulfill Jabber requirements.
- Download CA Root or Whole Chain certificate from CA Server as "Base64"
- Upload "no1" CA Root or Whole Chain certificates to CUCM and IM&P servers as "tomcat-trust"
- Generate "tomcat" CSR at CUCM server and download it
- Request a "Tomcat Signed CA" certificate with "WebServer" template as "Base64" from CA Server while using "no3" CSR
- Upload "no4" CA certificate to CUCM server as "tomcat"
- Upload "no1" CA Root or Whole Chain Certificates to IM&P server as "CUP-XMPP-Trust"
- Generate "cup-xmpp" CSR at IM&P server and download it
- Request "cup-xmpp" certificate with "WebServer" template as "Base64" from CA Server while using "no7" CSR
- Upload "no8" CA certificate to IM&P server as "cup-xmpp"
- Install CA Root or Whole Chain certificates to Expessway E and C (or VCS Control - Expressway) servers as "Trusted CA Certificate"
- Generate a CSR on Expressway C server and download it
- Request CA Signed Certificate for Expressway C server with "ServerClient" template as "Base64" from CA Server while using "no11" CSR
- Upload "no12" certificate to Expressway C server
- Generate a CSR on Expressway E server and download it (remember adding alternative names)
- Request CA Signed Certificate for Expressway E server with "ServerClient" template as "Base64" from CA Server while using "no14" CSR
- Upload "no15" certificate to Expressway E server
- Restart both Expressway C and E servers
- Restart Tomcat service on CUCM server and XCP Router service on IM&P server
- Deactive - active TFTP service on CUCM server
Hope these steps will help you on your Jabber deployments.
Best Regards,
Mesut
PS : happy Labout Day and wish an equal world for every employees