Yes, they will, the Expressway E was designed around an ACME cert and Let's
Encrypt is super free.
Anyway, I think the issue is between the Expressway and CUCM at this
point... escalating to TAc...
Jonathan
On Thu, Nov 11, 2021 at 4:49 PM Brian V wrote:
> WIll the phones trust a LetsEncrypt
Part of the workaround referenced in the Bug doesn't make sense. They
reference adding some GoDaddy certs, but when you look at the URL they
reference (*.wbx2.com) that is signed by Hydrant not Go Daddy.
See images below
[image: image.png]
[image: image.png]
On Thu, Nov 11, 2021 at 3:48 PM
WIll the phones trust a LetsEncrypt cert ?
Jabber works because the OS (Windows/MAC/iOS/Droid) gets updated root CA
certs on a regular basis
The trusted certs in the phone have to be placed there in the software by
Cisco.
This might be a situation where newer code on a phone is required if the
Ok. This all points to desktops not accepting root certificate updates from
what I can tell.
I just checked with my contact and ask about this on our site and he said there
is no blocking of root certs being downloaded.
I'm going to guess then that I'm ok.
I mean, I haven't heard anything
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq73203
-Original Message-
From: cisco-voip On Behalf Of Gary Parker
Sent: Thursday, November 11, 2021 1:45 PM
To: Johnson, Tim
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] [External] Jabber Users Prompted To Accept Webex Cert
Quick follow-up: I’ve heard from another site (off-list) suffering this now,
too.
Gary
> On 11 Nov 2021, at 16:13, Gary Parker wrote:
>
> Thanks Tim, likewise: glad it’s not just us!
___
cisco-voip mailing list
cisco-voip@puck.nether.net
I wouldn’t put a lot of weight in the status on the phone with the TLS error,
I’ve seen that with working phones. Do you have the phone MRA domain set? We
have a separate device pool for MRA devices so it can set the time from
external ntp sources. If the time on the phone is off, the crypto
It is running 12.8... it has been locally reg'd before...
On Thu, Nov 11, 2021 at 10:44 AM Matthew Huff wrote:
> In the lab, have you tried setting up the phone without MRA and get the
> firmware uploaded first? Depending on how old the firmware is, you may have
> issues with onboarding. Our
In the lab, have you tried setting up the phone without MRA and get the
firmware uploaded first? Depending on how old the firmware is, you may have
issues with onboarding. Our 8861 wouldn’t onboard until at least 12.5.
Matthew Huff | Director of Technical Operations | OTA Management LLC
Thanks Tim, likewise: glad it’s not just us!
I’m loathe to advise users to accept a certificate that’s flagged as bad for
some reason, as that’s just bad security practice.
As I mentioned earlier, I’ve added:
WEBEX
...to our jabber-config.xml, and we’re advising users to reset their Jabber
Thanks Jason, I was aware of FN 72120 and figured that this may be associated
(but not the cause); I guess Cisco have replaced a load of certs.
However:
- FN 72120 only relates to Android and iOS clients using push notifications,
we’re only seeing this behaviour on Windows clients
- these
On the phone, we see TLS connection failed... the E's cert is signed by
Let's Encrypt...
On the Expressway E we see some certificate exchange and then resets in the
connection...
MRA works fine for Jabber just 8845 Activation Code onboarding is
failing...
Jonathan
On Tue, Nov 9, 2021 at
I’ve heard from my help desk that they had a few users report the prompt for
accepting a cert. Unfortunately, they gathered zero details for me and just had
the users accept the cert…
Good to know it’s not just us though.
From: cisco-voip On Behalf Of Jason Aarons
Sent: Thursday, November
Webex clients update switched from the Quovadis Root CA which was older and
being retired, to the IdenTrust Root CA which it dates back to 2014. The
IdenTrust Root CA certificate is contained within the default trust store
of all major operating systems by default.
Not clear why IdenTrust is
Morning all, a few years back we had a problem where lots of our managed
Windows service users were complaining that their Jabber clients had started
rejecting a certificate offered by idbroker.webex.com
This thread on community.cisco.com
15 matches
Mail list logo
