10-26-2022 08:14 PM
Getting invalid and expired cert warnings for CUPS servers. PUB shows expired and SUB shows invalid. CUP-XMPP & Tomcat have valid enterprise certs, nodes have been both completely restarted. My SUB is new and CUPS sub is still offering the self-signed cert, my PUB is still offering the expired cert from 30 days go. Deleted and uploaded certs plus restarted cluster, still getting errors on Jabber. TAC is looking but taking bit.
Solved! Go to Solution.
12-11-2022 11:22 AM
TAC resolved with root access and had to remove bad cert twice. BUG CSCwa01599
Problem Description
Presence 14.0.1
Publisher node seemed to have a known defect (CSCwa01599) but the workaround was applied without success. The old expired certificate was still being presented.
Summary
We thoroughly checked all locations for the certificate including database and file system. We confirmed that the new certificate was present for all locations mentioned. however, the problem was a backup copy of the xmpp.pem file located in the same directory of /usr/local/xcp/certs/xmpp/. This backup file was being presented to jabber even though it was named xmpp.pem_orig, which was the old, expired certificate. So simply deleting this file from the server followed by the same service restarts for Cisco XCP Connection Manager and Cisco XCP Router resolved the issue.
10-26-2022 09:27 PM
Thump Rule renew expired certificates and restart the related services.
Have you done this ?
10-26-2022 10:06 PM
Yes, restarted all services several times. Same results.
10-26-2022 10:36 PM
Can you please share screenshots from your servers from the certificate management page?
11-01-2022 09:33 PM - edited 11-01-2022 09:35 PM
Screen shot of cup-xmpp cert, Jabber client is still presenting the self signed IMP cert even though I replaced cup-xmpp with enterprise CA-signed cert. Getting no where with TAC, they say its bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb89326
Jabber client cert is pulling:
11-01-2022 11:00 PM
Really hard to see anything on the certificate screenshot, will check again from a computer when I get to work. On the bug, if you’re truly hitting that defect TAC should be able to help you with removal of the stuck certificate(s) from their root access.
11-01-2022 11:08 PM
Have you restarted the services and server after uploading the CA signed certificates ?
If you are hit with the BUG TAC could be able to Fix it .
12-11-2022 11:22 AM
TAC resolved with root access and had to remove bad cert twice. BUG CSCwa01599
Problem Description
Presence 14.0.1
Publisher node seemed to have a known defect (CSCwa01599) but the workaround was applied without success. The old expired certificate was still being presented.
Summary
We thoroughly checked all locations for the certificate including database and file system. We confirmed that the new certificate was present for all locations mentioned. however, the problem was a backup copy of the xmpp.pem file located in the same directory of /usr/local/xcp/certs/xmpp/. This backup file was being presented to jabber even though it was named xmpp.pem_orig, which was the old, expired certificate. So simply deleting this file from the server followed by the same service restarts for Cisco XCP Connection Manager and Cisco XCP Router resolved the issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide