(a) do this (b) don't do this Is my favourite part!
I remember when I first started, I had opened a case, then another, and got two very conflicting opinions from the TAC (a) TAC suggests using the T train for voice gateways (b) The TAC suggests staying away from T train for voice gateways Or something like that. When you're first starting out and have a crush on Cisco, it's very had to work through that. -----Original Message----- From: Gary Parker <g.j.par...@lboro.ac.uk> Sent: Friday, November 12, 2021 5:24 AM To: Brian V <bvanb...@gmail.com> Cc: Lelio Fulgenzi <le...@uoguelph.ca>; NateCCIE <natec...@gmail.com>; Johnson, Tim <johns...@cmich.edu>; cisco-voip@puck.nether.net Subject: Re: [cisco-voip] [External] Jabber Users Prompted To Accept Webex Cert CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to ith...@uoguelph.ca Yeah, I had a suspicion at one point that this might be to do with the telemetry (which we’re sending), but the only reference I can find to the servers used for this is in the "Feature Configuration for Cisco Jabber 12.8” doc where it states that clients connect to "metrics-a.wbx2.com” (also mentioning that you must install a GoDaddy root cert). We’ve been sending telemetry for some time and have not had this problem before, and the cert the client is erroring on is idbroker.webex.com (with the IdenTrust root). Fwiw, metrics-a.wbx2.com is a cname for ha-a-main.wbx2.com, which in turn is a cname for achm-main-ha-a-nlb-1d0e22049c746ef1.elb.us-east-2.amazonaws.com metrics-a.wbx2.com *does* have a GoDaddy root cert, and a wildcard server cert. What a mess! That bug also says: "b) Disable the telemetry call to Webex in the jabber-config xml” …but then goes on to say: "This error/popup is not related to Telemetry. Even if you disable Telemetry on Jabber certificate pop up will continue to show.” ¯\_(ツ)_/¯ Gary > On 11 Nov 2021, at 22:57, Brian V <bvanb...@gmail.com> wrote: > > Part of the workaround referenced in the Bug doesn't make sense. They > reference adding some GoDaddy certs, but when you look at the URL they > reference (*.wbx2.com) that is signed by Hydrant not Go Daddy. _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip