SSL Connection/Certificate Verification - Verified
|
The
IM and Presence
Service verified the SSL connection with the Exchange Server. Click View for the certificate details.
|
SSL Connection/Certificate Verification Failed - Certificate
Missing From Chain
Note
|
These
instructions describe the view of the customized Certificate Import Tool. If
you are simply verifying connection status, the tool indicates the verified
status but you do not have the option to
Save.
|
|
One or more certificates that the
IM and Presence
Service requires to establish a secure connection to the Exchange
Server are missing. The Certificate Viewer can provide details of the missing
certificates.
Complete these steps in the Certificate Viewer to display any
missing certificates:
-
Chose
Configure to open the Certificate Viewer.
-
Check
the Accept Certificate Chain check box
.
-
Click
Save.
-
The
certificate chain details display. Note any certificates with a status of
Missing.
-
Close
the Certificate Viewer.
To
complete the certificate chain, you must:
-
Download the missing certificates files from the Exchange
Server.
-
Copy
or FTP the missing certificate files to the computer that you use to administer
the IM and Presence Service.
-
Use
Cisco Unified
IM and Presence OS Administration to upload any of the
required missing certificates.
Troubleshooting Tips
- If the certificates are not
available in the Certificate Viewer, you may need to manually download and
install the missing certificates from the Exchange Server, and upload these
certificates in Cisco Unified
IM and Presence OS Administration as follows:
-
Log in to the Cisco Unified
IM and Presence OS Administration and user interface and upload
certificates to complete the certificate chain.
-
Return to the Presence Gateway Configuration window under the Cisco
Unified CM IM and
Presence Administration user interface, reopen the Certificate Viewer, and verify
that all certificates in the certificate chain now have a status of Verified.
- You must restart the Cisco
Presence Engine after you upload Exchange trust certificates.
- Log in to Cisco Unified
IM and Presence Serviceability user interface.
- Choose
. Note that this can affect Calendaring
connectivity.
- Choose either
Configure or
View to launch the Certificate Chain Viewer. The
Configure button displays if there are any issues with the
certificate chain that the
IM and Presence Service
downloads from the Exchange Server. For
example, the missing certificates scenario described above. Once you
successfully import and verify the certificate chain, the SSL Connection /
Certificate Verification status updates to Verified and the
View button replaces Configure.
|
SSL Connection/Certificate Verification Failed- Subject CN
Mismatch
|
The Presence Gateway field value must match the Subject CN value
of the leaf certificate in the Certificate Chain. You can resolve this by
entering the correct value in the Presence Gateway field.
Verify that your entry in the Presence Gateway field is correct
as follows:
-
Re-enter the correct Subject CN value in the Presence Gateway
field. The
IM and Presence
Service uses the Presence Gateway field value to ping the server. The
host (FQDN or IP address) that you enter must exactly match the IIS certificate
Subject Common Name.
-
Click
Save.
Tip
|
Choose either
Configure or
View to launch the Certificate Chain Viewer. The
Configure button displays if there are any issues with the
certificate chain downloaded from the Exchange Server. For example, the
missing certificates scenario described above. Once you successfully import and
verify the certificate chain, the SSL Connection / Certificate Verification
status updates to Verified and the
View button replaces
Configure.
|
|
SSL
Connection/Certificate Verification Failed - SAN Mismatch
|
The
Presence Gateway field value must match one of the Subject Alternative Name
(SAN) values of the leaf certificate in the Certificate Chain. You can resolve
this by entering the correct value in the Presence Gateway field.
Verify
that your entry in the Presence Gateway field is correct as follows:
-
Re-enter the correct SAN value in the Presence Gateway field.
The
IM and Presence
Service uses the Presence Gateway field value to ping the server. The
host (FQDN or IP address) that you enter must exactly match one of the entries
in the certificate Subject Alternative Name.
-
Click
Save.
Tip
|
Choose
either
Configure or
View to launch the Certificate Chain Viewer. The
Configure button displays if there are any issues with the
certificate chain downloaded from the Exchange Server. For example, the
missing certificates scenario described above. Once you successfully import and
verify the certificate chain, the SSL Connection / Certificate Verification
status updates to Verified and the
View button replaces Configure.
|
|
SSL Connection/Certificate Verification Failed - Bad
Certificates
|
Information in the certificate is incorrect, which renders it
invalid.
Typically, this occurs if the certificate matches the required
Subject CN but not the public key. This could happen if the Exchange Server
regenerates the certificate but the
IM and Presence
Service node still maintains the old certificate.
To resolve this, complete these actions:
- Choose the logs to
determine the cause of the error.
- If the error is due to a
bad signature, you need to remove the outdated certificate from the
IM and Presence
Service in CiscoUnified
IM and Presence OS Administration, and then upload a
new certificate in CiscoUnified
IM and Presence OS Administration.
- If the error is due to an
unsupported algorithm, you need to upload a new certificate that contains the
supported algorithm in CiscoUnified
IM and Presence OS Administration.
|
SSL Connection / Certificate Verification Failed - Network Error
|
Due to network issues, for example, a no-response timeout, the
IM and Presence
Service cannot verify the SSL connection.
We recommend that you verify the network connectivity to the
Exchange Server, and ensure that the Exchange Server is accepting connections
using the correct IP address and port number.
|
SSL Connection/Certificate Verification Failed
|
Verification failed for a non-specific reason or because the
IM and Presence
Service cannot perform the reachability test.
We recommend that you review the debug log files for more
information.
|