I'm not sure that interpretation is a correct description of the process. All ssl certs indicate their issuer. As long as your device trusts that issuer, it trusts certificates from that issuer. For example if you go to https://www.cisco.com and look at their cert on a window box you will see the certification path goes to a Baltimore CyberTrust root with is included in Windows built in trusted roots supplied by Microsoft. Jabber works the same way it presents the various CUCM/IM&P/UCXN SSL certs to your PC and your PC verifies them against what it already trusts.
It's not pushing anything by my understanding. Matthew G. Loraditch - CCNP-Voice, CCNA-R&S, CCDA Network Engineer Direct Voice: 443.541.1518 Facebook<https://www.facebook.com/heliontech?ref=hl> | Twitter<https://twitter.com/HelionTech> | LinkedIn<https://www.linkedin.com/company/helion-technologies?trk=top_nav_home> | G+<https://plus.google.com/+Heliontechnologies/posts> From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Joe Loiacono Sent: Thursday, March 19, 2015 8:29 AM To: cisco-voip@puck.nether.net Subject: [cisco-voip] Call Manager, Jabber, and Certificates Jabber documentation indicates that the Certificate that the client may require and is 'pushed' from Call Manager is a 'root certificate' that directs the Client to a trusted source that will validate the server's (Call Manager hosts) offered certificate. If the Call Manager certificate is from a public trusted Certificate Authority(CA), and that CA is in the Windows certificate store, can the Certificate 'push' be avoided altogether? Thanks, Joe Loiacono
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip