Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1175
Views
5
Helpful
3
Replies

Finesse Gadget 12.6 - conversion from HTTP to HTTPS

thanvi200115673
Level 1
Level 1

‎04-06-2022 01:20 PM

Hi,

 

Recently upgraded the UCCE 11.x to 12.6 and Finesse supports only HTTPS;   Converted the gadget to HTTPS uploaded the certificates in Finesse and Tomcat server (external gadget application) however its returned error;

 

Cisco guides does not have details steps other than uploading the security certificates

Also does Finesse 12.6 support  http gadgets  render ? 

 

Appreciate any help or resolution steps here.

Labels:
0 Helpful
3 Replies 3

bill.king1
VIP
VIP

‎04-06-2022 06:07 PM

What's the error that you receive?

0 Helpful

thanvi200115673
Level 1
Level 1
In response to bill.king1

‎06-06-2022 05:36 PM

Error in the Finesse --

There were issues rendering this gadget.
javax.net.ssl.SSLHandshakeException: the certificate chain is not trusted, Could not validate path.

 

As per document - uploaded the third party gadget certificate in the Finesse Platform.

                               tomcat certificate in the browser

 

Thanks

Preview file
24 KB
0 Helpful

ritdesai
Cisco Employee
Cisco Employee
In response to thanvi200115673

‎06-09-2022 09:42 PM

Hi @thanvi200115673 

 

error clearly states the cert chain is not correct. Please clarify more on connectivity / signaling of third party gadget to understand the certificate signaling flow.

 

Many possibilities that could involve like;

++ does both Finesse and 3rd party gadget signed by same Root CA? if yes, then Root CA chain needs to be imported in tomcat-trust keystore or must be present.

++ does both Finesse and 3rd party gadget signed by same intermediate Root CA? if yes, then Intermediate CA and Root CA chain needs to be imported in tomcat-trust keystore or must be present.

++ does both Finesse and 3rd party gadget signed by different Root CA? if yes, then Intermediate CA and Root CA chain needs to be imported in tomcat-trust keystore.

++ does both Finesse and 3rd party gadget signed by different intermediate Root CA? if yes, then Intermediate CA and Root CA chain needs to be imported in tomcat-trust keystore or must be present.

++ Make sure post CA certs are imported, restart of Cisco Tomcat is restarted. Sometimes have observed the caching on server does not take in effect. restart of Finesse server takes new certificate in effect.

++ if the 3rd party gadget initiates https to 3rd party server make sure the CA certificate chain is present or imported on hosted 3rd party gadget server.

 

thanks and regards,

Ritesh Desai

thanks and regards,
Ritesh Desai
Please mark useful if it helps you. Mark answered if it is answered.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents