04-12-2018 06:53 AM
Hi,
How can I get UCCX Finesse openfire certificates to connect over TLS 5223? I tried all the certificates from the "UCCX OS Administration" option but am unable to connect on 5223. I have successfully connected to port 5222.
Regards,
Umesh
05-14-2018 10:05 AM
Hi Umesh,
I got confirmation from the Finesse & UCCX team that for Finesse with UCCX, connecting to the Finesse notification over the secure XMPP port is not supported until 11.6.
Thanx,
Denise
04-13-2018 05:06 AM
Hi,
Can you please confirm port to connect Finesse Openfire server over SSL/TLS? Is it 5223 or 5222 (normal port)?
Regards,
Umesh
04-17-2018 01:04 PM
Hi Umesh,
Sorry for the delay.
The SSL/TLS port for openfire is 5223. Openfire shares the same certificate as the Cisco Finesse Tomcat. This can be found in the Cisco Unified OS Administration page (/cmplatform) under Security --> Certificate Management of the respective node. Make sure to download the certificate of type "Tomcat".
For third-party XMPP clients connecting to openfire over TCP, make sure the respective certificate is present in the trust store to have a successful SSL handshake.
Thanx,
Denise
04-18-2018 01:29 AM
Hello Denise,
Thanks for reply.
My application is able to connect and working fine without SSL with port 5222.
Now I am trying over SSL port 5223. I have downloaded the Tomcat certificate from UCCX and imported it into my store using the Java keytool utility.
Following is the application code related to SSL:
config.setSecurityMode(ConnectionConfiguration.SecurityMode.required);
config.setSASLAuthenticationEnabled(true);
config.setKeystorePath("./cacerts");
config.setTruststorePath("./cacerts");
config.setTruststorePassword("changeit");
connection = new XMPPConnection(config);
I have copied "cacerts" in my executable folder.
I am getting following error from server -
-- caused by: XMPPError connecting to uccx10.in:5223.: remote-server-error(502) XMPPError connecting to uccx10.in:5223.
-- caused by: java.net.ConnectException: Connection timed out: connect
Can you please suggest if there is anything wrong?
Do I need to enable specific parameter in UCCX?
Thanks & Regards,
Umesh
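The `Connection timed out: connect` error quoted in this post is raised at the TCP stage, before any certificate is exchanged. The probe below is an added example, not code from either poster or from Cisco: it separates a TCP failure from a TLS failure on port 5223 while trusting only the exported Tomcat certificate. The class name, the PEM file name and the 5-second timeout are assumptions.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

public class Port5223Probe {
    // Build a context that trusts only the exported "Tomcat" certificate (PEM).
    static SSLContext contextTrusting(String pemPath) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store, no cacerts file involved
        try (InputStream in = new FileInputStream(pemPath)) {
            ks.setCertificateEntry("finesse-tomcat",
                    CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String host = args[0], pem = args[1]; // e.g. uccx10.in finesse-tomcat.pem
        int port = 5223, timeoutMs = 5000;
        Socket tcp = new Socket();
        try {
            tcp.connect(new InetSocketAddress(host, port), timeoutMs);
        } catch (IOException e) {
            // Timeout or refusal: TLS never started, so the trust store is not the cause.
            System.out.println("TCP stage failed: " + e);
            return;
        }
        // Direct TLS ("old-style SSL"): handshake first, XMPP stream afterwards.
        try (SSLSocket tls = (SSLSocket) contextTrusting(pem).getSocketFactory()
                .createSocket(tcp, host, port, true)) {
            tls.setSoTimeout(timeoutMs);
            tls.startHandshake();
            System.out.println("TLS OK, negotiated " + tls.getSession().getProtocol());
        } catch (SSLException e) {
            // Reached the server but failed on certificate trust or protocol version.
            System.out.println("TLS stage failed: " + e);
        }
    }
}
```

A "TCP stage failed" result points at the listener or the network path rather than at the keystore settings; certificate verification stays enabled throughout because trust is limited to the one loaded certificate.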
04-18-2018 09:55 AM
Hi Umesh,
What version of Finesse/UCCX are you using? In 11.6, you need to use TLS 1.2 to connect.
Thanx,
Denise
04-18-2018 10:07 AM
Hi,
I found this method config.setSelfSignedCertificateEnabled(true), I am not sure if that will help.
ConnectionConfiguration (Smack 3.1.0 Documentation)
Thanx,
Denise
04-18-2018 08:13 PM
Hello Denise,
Thanks for reply.
I already tried that but no success.
I also tried with the below:
config.setCustomSSLContext(getSSLContext());
config.setSocketFactory(new DummySSLSocketFactory());
My doubt is that the library is unable to access the certificate path provided by me.
Can you please point me about server log for analysis?
Thanks & Regards,
Umesh
04-18-2018 08:54 PM
Hi Umesh,
That was going to be the next thing I was going to ask, if you are sure it is able to access the certificate path.
First you have to turn on the openfire debug logs and reproduce the failed connection: Cisco Finesse Administration Guide Release 11.6(1) - Perform Routine Maintenance [Cisco Finesse] - Cisco
Then you collect the openfire logs (which is under desktop logs): Cisco Finesse Administration Guide Release 11.6(1) - Perform Routine Maintenance [Cisco Finesse] - Cisco
Thanx,
Denise
04-19-2018 01:23 AM
Hello Denise,
Please find download link for log - https://www.sendspace.com/file/acoxuy
Today I also tried with Pidgin and behavior is same with Pidgin also.
I uploaded Finesse Tomcat Certificate into Pidgin and tried with port 5223 but Pidgin unable to connect.
Pidgin is able to connect to port 5222.
I tried with Pidgin multiple times but result is same. Failure with port 5223 and success with port 5222 each time.
Thanks & Regards,
Umesh
04-19-2018 10:51 AM
Hi,
I can't download the file from the link due to security issues. But I tried it using Pidgin and was also not able to connect. I am reaching out to the Finesse team for further assistance.
Thanx,
Denise
04-22-2018 10:36 PM
Thanks Denise. Please let me know when you get update from Finesse team.
Regards,
Umesh
04-23-2018 11:04 AM
Hi Umesh,
I was able to get Pidgin to work after changing the Connection Security to be "Use old-style SSL". Like I mentioned before, please download the Tomcat's pem file from the OS admin page and add it to the certificate management of Pidgin.
Thanx,
Denise
04-23-2018 08:39 PM
Hi Denise,
I tried the way suggested by you for Pidgin but am not able to connect. Please check attached screenshot -
Regards,
Umesh
04-24-2018 11:12 AM
Hi Umesh,
What happens if you do not add the certificate to the certificate management? For me, it pops up an SSL Certificate verification. If I click accept, I am connected.
What version of UCCX are you using?
Thanx,
Denise
04-24-2018 08:09 PM
UCCX version is 10.6.1.
Pidgin version is 2.12.0
Let me check without adding the certificate, but I remember I tried this also and it doesn't pop up any certificate window for me.
Will update you after running the test case.
P.S.: I tried without the certificate and it doesn't pop up a certificate window. Which version of UCCX & Pidgin are you using?
Thanks & Regards,
Umesh