04-06-2022 01:20 PM
Hi,
Recently upgraded the UCCE 11.x to 12.6 and Finesse supports only HTTPS; Converted the gadget to HTTPS uploaded the certificates in Finesse and Tomcat server (external gadget application) however its returned error;
Cisco guides does not have details steps other than uploading the security certificates
Also does Finesse 12.6 support http gadgets render ?
Appreciate any help or resolution steps here.
04-06-2022 06:07 PM
What's the error that you receive?
06-06-2022 05:36 PM
Error in the Finesse --
There were issues rendering this gadget.
javax.net.ssl.SSLHandshakeException: the certificate chain is not trusted, Could not validate path.
As per document - uploaded the third party gadget certificate in the Finesse Platform.
tomcat certificate in the browser
Thanks
06-09-2022 09:42 PM
error clearly states the cert chain is not correct. Please clarify more on connectivity / signaling of third party gadget to understand the certificate signaling flow.
Many possibilities that could involve like;
++ does both Finesse and 3rd party gadget signed by same Root CA? if yes, then Root CA chain needs to be imported in tomcat-trust keystore or must be present.
++ does both Finesse and 3rd party gadget signed by same intermediate Root CA? if yes, then Intermediate CA and Root CA chain needs to be imported in tomcat-trust keystore or must be present.
++ does both Finesse and 3rd party gadget signed by different Root CA? if yes, then Intermediate CA and Root CA chain needs to be imported in tomcat-trust keystore.
++ does both Finesse and 3rd party gadget signed by different intermediate Root CA? if yes, then Intermediate CA and Root CA chain needs to be imported in tomcat-trust keystore or must be present.
++ Make sure post CA certs are imported, restart of Cisco Tomcat is restarted. Sometimes have observed the caching on server does not take in effect. restart of Finesse server takes new certificate in effect.
++ if the 3rd party gadget initiates https to 3rd party server make sure the CA certificate chain is present or imported on hosted 3rd party gadget server.
thanks and regards,
Ritesh Desai
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide