Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1281
Views
2
Helpful
3
Replies

Bug CSCwf40230 Certificate renewal error

Jan Slabber
Level 1
Level 1

‎11-09-2023 11:40 PM

Hello Community,

I have the following issue and need some guidance please.

When attempting to upload a new certificate to replace one due to expire Friday, November 10, 2023 at 11:59:59 PM on CCX version 12.5.1.11003-511 we are encountering the following error

This appears to be the BUG CSCwf40230  which has the Workaround: Contact Cisco TAC for workaround.

****We are unable to go to Cisco TAC due to contract renewal.

Troubleshooting done so far:

I deleted the tomcat-trust intermediate certificate which was shown as a duplicate that is.

“Cannot import certificate. It is a duplicate of pre-existing certificate 'GEANT_EV_RSA_CA_4_047b8b6d09b1656742a8a7c1869c9faa.pem'. both have SubjectName: 'CN=GEANT EV RSA CA 4,O=GEANT Vereniging,C=NL' and SerialNo. This certificate exists in tomcat-trust”

.

restarted both the uccx primary and ha and also checked that the GEANT_EV_RSA_CA_4_047b8b6d09b1656742a8a7c1869c9faa tomcat-trust certificate had been removed. I then uploaded the CN=GEANT EV RSA CA 4, O=GEANT Vereniging, C=NL certificate as an intermediate tomcat-trust , restarted both the primary and ha server after which I attempted to upload the tomcat certificate however encountered the same error that we had before.

1 person had this problem
Labels:
0 Helpful
3 Replies 3

piyush aghera
Spotlight
Spotlight

‎12-07-2023 02:56 PM

I am not sure if you referred below community discussion which is mentioned in the bug. This question is related to CUCM but may give you some pointers:

https://community.cisco.com/t5/cisco-bug-discussions/cscwc26596-unable-to-upload-signed-cert-duplicate-of-pre/td-p/4685559

Thanks,

Piyush Aghera

BLOG

b.winter
VIP
VIP

‎12-08-2023 12:18 AM

Should be fixed in 12.5 SU3 ES03
This is only stated in the release notes, but not in the bug.

mparra.fusionet
Level 1
Level 1

‎04-01-2025 10:45 AM

This issue also affects 12.6.2 PCCE/UCCE Finesse, VVB, CUIC, Cloud Connector, there is a patch for those platforms (in CCX is built in on the latest ESs as others have mentioned):

ucos.CSCwc26596 _12_6_2.cop.sgn

Unable to upload Signed CA certs if Signer certs has initial identical words in VVB
CSCwf76330  


Symptom: Unable to upload Signed CA certs if Signer certs has initial identical words in VVB Conditions: When uploading CA signed certificate into tomcat, Finesse and the signer certificate has initial identical words then certificate upload fails with errors: "Cannot import certificate. It is a duplicate of pre-existing certificate." Workaround: Install the following cop file below on each VVB server within the cluster: "ucos.CSCwc26596 _12_6_2.cop.sgn" VVB Software Link: https://software.cisco.com/download/home/286331734/type/286289787/release/12.6(2) Further Problem Description:

0 Helpful
Customers Also Viewed These Support Documents