12-16-2022 02:59 AM
Hi,
we were using self-sign certificates for all of our collaboration apps, and now changed to multi-SAN certificates.
we changed CUCM & CCX certificates, after that we faced issue with Finesse login.
Jabber is working fine, also CCX reporting can login perfectly fine.
but when we try to login to with Finesse we get "Authentication failed".
also noticed in CCX when I go to "data sync" and check, I get the following error:
"An unknown error occurred while performing the operation. Please check the logs for more details.Cisco AXL Web Service is down on Cisco Unified CM. Please check whether the service is"
generating self-sign certificate for CUCM fixed the issue, but we need to use Multi-SAN certificate.
we have:
CUCM 12.5.1.10000-22
CCX 12.0.1.10000-24
any idea?
12-16-2022 04:10 AM
MultiSan certificates for UCCX is only allowing the UCCX host in it
UCCX Solution Certificate Management Guide - Cisco
From the Guide :
Note: Leave the Distribution field in the CSR as the FQDN of the server.
Note: "Multi-server (SAN)" certificate is supported for UCCX from 11.6 release onwards. However, the SAN should include UCCX Node-1 and Node-2 only. Other servers, such as SocialMiner, should not be included in the SAN of UCCX.
Note: UCCX only supports certificate key lengths of 1024 and 2048 bits.
12-16-2022 05:06 AM
I don't think there's an issue with UCCX certificate unless I'm missing something.
because now I changed CUCM certificate to self-sign certificate and kept CCX on the new multiSAN certificate and everything worked fine.
but when I change CUCM certificate to MultiSAN certificate then Finesse stops working, but at the same time I can login to CUIC.
there's no SocialMiner or any other servers included.
is there something I need to do between CUCM-CCX after updating certificates?
I uploaded CUCM certificate to CCX tomcat-trust and vice versa but that didn't help.
I didn't understand you when you said "MultiSan certificates for UCCX is only allowing the UCCX host in it", can you explain more?
12-20-2022 03:38 AM
Did you restart Tomcat and Finesse on CCX after uploading the new CUCM Tomcat cert? If not, you need to do that. TBH I usually just restart the entire CCX VM.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide