Document ID: 116430
Updated: Sep 11, 2013
Contributed by Christos Georgiadis, Cisco TAC Engineer.
Contents
Introduction
This document describes a problem with Cisco Jabber for Macintosh (MAC) Version 8.x where a certificate warning appears upon user login and presents three different solutions to the problem.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Cisco Jabber for MAC
- Certificate Management on Cisco Unified Communications Servers
- MAC Operating Systems (OS)
Components Used
The information in this document is based on Cisco Jabber for MAC Version 8.x.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Problem
When you attempt to log in to Cisco Jabber for MAC, this certificate warning dialog appears:
Solution
This section describes the three solutions used in order to remove the certificate warning from Cisco Jabber for MAC Version 8.x.
User Intervention
You must check the Always trust check box in order to add the self-signed certificate from the Cisco Unified Presence Server (CUPS) to the list of trusted certificates. This must be done for all of the self-signed certificates that are presented.
Self-Signed Certificates
If Cisco Unified Presence (CUP) is configured with self-signed certificates, then the administrator can complete these steps:
- Extract the self-signed certificate from the CUPS: navigate to Cisco Unified OS Administration > Security > Certificate Management, click the Tomcat certificate (tomcat.pem), and click Download.
- Repeat step one for all other servers, where applicable, such as Cisco Unity and Cisco Unified Meetingplace.
- Concatenate the certificates into a single file with .pem as the extension (companyABCcertificates.pem for example).
- Send the file to the users and ask them to double-click it in order to add it to the list of trusted certificates.
Third-Party Certificates
If CUP is configured in order to use third-party signed certificates, the administrator can complete these steps:
- Ensure that the root certificate, along with any intermediate certificates, is uploaded to all CUP servers. Navigate to Cisco Unified OS Administration > Security > Certificate Management, and verify that tomcat-trust and cup-xmpp-trust contain the root Certificate Authority (CA) certificate chain. Click the corresponding .pem or .der file in order to verify.
- Ensure that you upload the signed certificates on all CUP servers: navigate to Cisco Unified OS Administration > Security > Certificate Management, and verify that all servers use the third-party signed certificates for tomcat and cup-xmpp.
- If applicable, ensure that the remaining servers (Cisco Unity, Cisco Unified Meetingplace) are also configured in order to use third-party signed certificates.
- Ensure that the root certificate of the CA, along with any intermediate certificates, is already installed on the MAC OS X.
Troubleshoot
If the certificate warning message still appears when you attempt to log in to Cisco Jabber for MAC, click the Show certificate button in order to find more details on the certificate presented, and collect a problem report.
Related Information
Open a Support Case 
(Requires a Cisco Service Contract.)
Related Cisco Support Community Discussions
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.