
Finesse XMPP Openfire Certificate

upchaurasia
Spotlight

Hi,

How can I get the UCCX Finesse Openfire certificates to connect over TLS on port 5223? I tried all the certificates from the "UCCX OS Administration" option but am unable to connect on 5223. I have successfully connected to port 5222.

Regards,

Umesh

1 Accepted Solution


dekwan
Cisco Employee

Hi Umesh,

I got confirmation from the Finesse & UCCX team that for Finesse with UCCX, connecting to the Finesse notification over the secure XMPP port is not supported until 11.6.

Thanx,

Denise


23 Replies

upchaurasia
Spotlight

Hi,

Can you please confirm the port to connect to the Finesse Openfire server over SSL/TLS? Is it 5223 or 5222 (normal port)?

Regards,

Umesh

Hi Umesh,

Sorry for the delay.

The SSL/TLS port for openfire is 5223. Openfire shares the same certificate as the Cisco Finesse Tomcat. This can be found in the Cisco Unified OS Administration page (/cmplatform) under Security --> Certificate Management of the respective node. Make sure to download the certificate of type "Tomcat".

For third-party XMPP clients connecting to Openfire over TCP, make sure the respective certificate is present in the trust store to have a successful SSL handshake.

Thanx,

Denise

Hello Denise,

Thanks for the reply.

My application is able to connect and works fine without SSL on port 5222.

Now I am trying over SSL port 5223. I have downloaded the Tomcat certificate from UCCX and imported it into my store using the Java keytool utility.

The following is the application code related to SSL:

config.setSecurityMode(ConnectionConfiguration.SecurityMode.required);

config.setSASLAuthenticationEnabled(true);

config.setKeystorePath("./cacerts");

config.setTruststorePath("./cacerts");

config.setTruststorePassword("changeit");

connection = new XMPPConnection(config);

I have copied "cacerts" into my executable folder.

I am getting the following error from the server:

  -- caused by: XMPPError connecting to uccx10.in:5223.: remote-server-error(502) XMPPError connecting to uccx10.in:5223.

  -- caused by: java.net.ConnectException: Connection timed out: connect

Can you please suggest if there is anything wrong?

Do I need to enable specific parameter in UCCX?

Thanks & Regards,

Umesh

Hi Umesh,

What version of Finesse/UCCX are you using? In 11.6, you need to use TLS 1.2 to connect.

Thanx,

Denise

dekwan
Cisco Employee

Hi,

I found this method config.setSelfSignedCertificateEnabled(true), I am not sure if that will help.

ConnectionConfiguration (Smack 3.1.0 Documentation)

Thanx,

Denise

Hello Denise,

Thanks for the reply.

I already tried that but no success.

I also tried with the below:

      config.setCustomSSLContext(getSSLContext());

       config.setSocketFactory(new DummySSLSocketFactory());

My doubt is that the library is unable to access the certificate path provided by me.

Can you please point me to the server log for analysis?

Thanks & Regards,

Umesh

Hi Umesh,

That was going to be the next thing I was going to ask, if you are sure it is able to access the certificate path.

First you have to turn on the openfire debug logs and reproduce the failed connection: Cisco Finesse Administration Guide Release 11.6(1) - Perform Routine Maintenance [Cisco Finesse] - Cisco

Then you collect the openfire logs (which is under desktop logs): Cisco Finesse Administration Guide Release 11.6(1) - Perform Routine Maintenance [Cisco Finesse] - Cisco

Thanx,

Denise

Hello Denise,

Please find the download link for the log - https://www.sendspace.com/file/acoxuy

Today I also tried with Pidgin and the behavior is the same with Pidgin.

I uploaded the Finesse Tomcat certificate into Pidgin and tried with port 5223, but Pidgin was unable to connect.

Pidgin is able to connect to port 5222.

I tried with Pidgin multiple times but the result is the same: failure with port 5223 and success with port 5222 each time.

Thanks & Regards,

Umesh

Hi,

I can't download the file from the link due to security issues. But I tried it using Pidgin and was also not able to connect. I am reaching out to the Finesse team for further assistance.

Thanx,

Denise

Thanks Denise. Please let me know when you get an update from the Finesse team.

Regards,

Umesh

Hi Umesh,

I was able to get Pidgin to work after changing the Connection Security to be "Use old-style SSL". Like I mentioned before, please download the Tomcat's pem file from the OS admin page and add it to the certificate management of Pidgin.

2018-04-23_10-58-52.png

Thanx,

Denise
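A stand-alone check for the two questions raised in the thread so far (is the trust store actually readable at the given path, and is the failure on 5223 at the TCP level or in the TLS handshake), as an added example that is not code from either poster or from Cisco. It uses only the JDK's JSSE classes, not Smack; the class name `XmppTlsProbe` is hypothetical, and the host, port, store path and password defaults are the values quoted in the posts above.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import javax.net.ssl.*;

public class XmppTlsProbe {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Defaults are the values quoted in the thread; override on the command line.
        String host = args.length > 0 ? args[0] : "uccx10.in";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 5223;
        String storePath = args.length > 2 ? args[2] : "./cacerts";
        char[] storePass = (args.length > 3 ? args[3] : "changeit").toCharArray();

        // Step 1: is the trust store readable at that path? Throws if it is not.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            trust.load(in, storePass);
        }
        System.out.println("trust store loaded, entries: " + trust.size());
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // Step 2: plain TCP connect. A timeout or refusal here is not a certificate problem.
        Socket tcp = new Socket();
        try {
            tcp.connect(new InetSocketAddress(host, port), 5000);
        } catch (IOException e) {
            System.out.println("TCP connect failed (port closed or filtered): " + e);
            return;
        }
        tcp.setSoTimeout(5000);

        // Step 3: "old-style SSL" means the TLS handshake starts immediately, no STARTTLS.
        try (SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(tcp, host, port, true)) {
            SSLParameters params = tls.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // also check the host name
            tls.setSSLParameters(params);
            tls.startHandshake();
            System.out.println("TLS ok, protocol " + tls.getSession().getProtocol()
                    + ", peer " + tls.getSession().getPeerPrincipal());
        } catch (IOException e) {
            System.out.println("TLS handshake failed (trust, host name or protocol): " + e);
        }
    }
}
```

A "Connection timed out: connect" like the one in the earlier stack trace stops at step 2, before any certificate is exchanged; a certificate missing from the trust store shows up only at step 3.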

Hi Denise,

I tried the way suggested by you for Pidgin but was not able to connect. Please check the attached screenshot -

finesse.png

Regards,

Umesh

Hi Umesh,

What happens if you do not add the certificate to the certificate management? For me, it pops up an SSL Certificate verification. If I click accept, I am connected.

Untitled.png

What version of UCCX are you using?

Thanx,

Denise

UCCX version is 10.6.1.

Pidgin version is 2.12.0.

Let me check without adding the certificate, but I remember I tried this also and it didn't pop up any certificate window for me.

Will update you after running the test case.

P.S.: I tried without the certificate and it doesn't pop up a certificate window. Which version of UCCX & Pidgin are you using?

Thanks & Regards,

Umesh