Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1506
Views
0
Helpful
3
Replies

Can't login with Finesse after changing CUCM SSL certificate

HusseinLTD
Level 1
Level 1

‎12-16-2022 02:59 AM

Hi, 

we were using self-sign certificates for all of our collaboration apps, and now changed to multi-SAN certificates.

we changed CUCM & CCX certificates, after that we faced issue with Finesse login.

Jabber is working fine, also CCX reporting can login perfectly fine.

but when we try to login to with Finesse we get "Authentication failed".

also noticed in CCX when I go to "data sync" and check, I get the following error:

"An unknown error occurred while performing the operation. Please check the logs for more details.Cisco AXL Web Service is down on Cisco Unified CM. Please check whether the service is"

generating self-sign certificate for CUCM fixed the issue, but we need to use Multi-SAN certificate.

we have:

CUCM 12.5.1.10000-22

CCX 12.0.1.10000-24

 

any idea?

Labels:
0 Helpful
3 Replies 3

Thomas G. Johannesen
Spotlight
Spotlight

‎12-16-2022 04:10 AM

MultiSan certificates for UCCX is only allowing the UCCX host in it

UCCX Solution Certificate Management Guide - Cisco

From the Guide :

Note: Leave the Distribution field in the CSR as the FQDN of the server.

Note: "Multi-server (SAN)" certificate is supported for UCCX from 11.6 release onwards. However, the SAN should include UCCX Node-1 and Node-2 only. Other servers, such as SocialMiner, should not be included in the SAN of UCCX.

Note: UCCX only supports certificate key lengths of 1024 and 2048 bits.

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Thomas G. J.
0 Helpful

HusseinLTD
Level 1
Level 1
In response to Thomas G. Johannesen

‎12-16-2022 05:06 AM

I don't think there's an issue with UCCX certificate unless I'm missing something.

because now I changed CUCM certificate to self-sign certificate and kept CCX on the new multiSAN certificate and everything worked fine.

but when I change CUCM certificate to MultiSAN certificate then Finesse stops working, but at the same time I can login to CUIC.

there's no SocialMiner or any other servers included.

 

is there something I need to do between CUCM-CCX after updating certificates? 
I uploaded CUCM certificate to CCX tomcat-trust and vice versa but that didn't help.

 

I didn't understand you when you said "MultiSan certificates for UCCX is only allowing the UCCX host in it", can you explain more?

0 Helpful

Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎12-20-2022 03:38 AM

Did you restart Tomcat and Finesse on CCX after uploading the new CUCM Tomcat cert? If not, you need to do that. TBH I usually just restart the entire CCX VM.

0 Helpful
Customers Also Viewed These Support Documents