cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
22765
Views
96
Helpful
21
Replies
nico13192
Beginner

Finesse has Problems with Certificate on Port 7443

Hi Guys,

 

I want to configure Cisco Finesse, which runs on my UCCX 10.5.1.

It works fine, I can open it per Explorer/Firefox/Chrome and I get the request for the login credentials.

After that, I get the message, that I have to install two certificates: For Port 8445 & Port 7443.

I downloaded the cerficates (tomcat & ipsec) from the UCCX certificate management and installed it on the client, but i still get

the message, that the certificate for 7443 is still missing?

Has somebody an idea, how I can solve this problem?

 

Kind Regards,

 

Nico Seinsche

 

21 REPLIES 21
Gergely Szabo
Advocate

Hi,

did you try to follow the steps on this document?

G.

Hi Gergely,

 

yes, I have also tried this. This was the first thing I made after I tried to login to Finesse.

I tried it a few minutes ago again. Now I only get the message to install the certificate for uccx01.<domain>:7443

But when I accept this message for installing this certificate, it will open a new tab with the message:

"You must accept or install the appropriate certificate for this domain. If you have questions, contact your administrator for instructions."

Did you able to solve this?

Hi,

 

no, not in the way I wanted to solve it. I had to reinstall the whole UCCX.

I'm getting the same error.  Anyone else have better luck without reinstalling?  I run UCCE so not really an option.

SMerezhko
Beginner

Port 7443 is used by CCX Notification Service.

After you upload new certificates in UCCX Certificate Management, you need to restart the following two services:
Cisco Finesse Tomcat
Cisco CCX Notificatin Service

I had this issue today and restarting Notification Service resolved it.

Todd Hebert
Contributor

Just had this problem today on my 10.6.1SU2 cluster.  Make sure you have a current root cert for your tomcat trust loaded on all servers in the cluster.  When you upload your new tomcat cert you have to restart the following 4 services on all cluster members:

Cisco Tomcat  - so you get your new cert on the admin interface

Cisco Finesse Tomcat - so your users get your new cert on the finesse desktop

Cisco Unified CCX Notification Service - so you don't get the 7443 error when logging into finesse

Cisco Unified Intelligence Center Reporting Service - so CUIC can use the new cert and your live data gadgets work correctly on the finesse desktop

Lots of fun figuring this stuff out when you run a 24 hour op and you have users that can't take calls.  The Certificate Notification service on my cluster doesn't want to seem to work so I found out the hard way my server certs were expiring.  Thankfully it was a Sunday and not mid-day Monday.

add in "Cisco Unified CCX Socket.IO Service" for gadgets on 11.6(1)


@Todd Hebert wrote:

Just had this problem today on my 10.6.1SU2 cluster.  Make sure you have a current root cert for your tomcat trust loaded on all servers in the cluster.  When you upload your new tomcat cert you have to restart the following 4 services on all cluster members:

Cisco Tomcat  - so you get your new cert on the admin interface

Cisco Finesse Tomcat - so your users get your new cert on the finesse desktop

Cisco Unified CCX Notification Service - so you don't get the 7443 error when logging into finesse

Cisco Unified Intelligence Center Reporting Service - so CUIC can use the new cert and your live data gadgets work correctly on the finesse desktop

Lots of fun figuring this stuff out when you run a 24 hour op and you have users that can't take calls.  The Certificate Notification service on my cluster doesn't want to seem to work so I found out the hard way my server certs were expiring.  Thankfully it was a Sunday and not mid-day Monday.


Had same problem and this should be marked as the correct answer, it fixes the issue the original poster had.  Thanks Todd!

hi guys,

did you resolve the issue?  I have the same issue on IE windows 8

"

You must accept or install the appropriate certificate for this domain. If you have questions, contact your administrator for instructions."
when I try this on firefox "A generic sign-in error has occurred. (Error code Generic Error)".  there is a bug for this firefox error msg that says the msg comes up if the agent ID is also an admin/supervisor.  but the agent ID i was trying to llogin with is just an agent role associated
uccx is using sself signed certs.  fresh install with HA.

If your servers are using self-signed certs, they are probably not trusted by your browser unless you install them in the trust store locally.  It's best to get with your CA guys and get enterprise certs created for your UCCX servers.  Make sure to upload your enterprise root cert as a tomcat-trust on your UCCX servers when you upload your new tomcat cert, then restart those 4 services and you should be good.  The root cert from your enterprise CA is probably already loaded in your browser trust store through AD policy so your agents will not get the cert error when trying to login.  Hope this helps.

yes that's one way.  or we can download the self signed certs in install it manually into agent PC.

I was able to do  login without issues yesterday and rebooted the servers for failover test. now running into this issue.  i am not sure what went wrong. we are running out of time and getting it signed by CA is not going to happen.

Hi Vijendra,

 

It was an option to download an install the self-signed certificates? I'm wondering if it could work.

 

Regards.

nanosynth
Beginner

None of this applies in my case. None of it. I have just one UCCX 10.6. I have a REAL CA cert. Finesse works perfect on my Win 7 PC using Firefox AND Chrome. The problem is with IE 11 on the same machine. Just like the person said, I get the "SSL Certs Not Accepted" for the 2 ports and when I click on "OK" to "Accept" the certs, it brings me to another just opened page in IE and says "

You must accept or install the appropriate certificate for this domain. If you have questions, contact your administrator for instructions." but there is NO place to actually "Accept" the certs. None of the "basic" problems are here, like not using FQDN or self-signed, no, everything is REAL. Nothing needs ''restarting' either, it gets shutdown and started all the time, its in a lab. Sure, I can use Firefox and Chrome, but Id really like to know why IE, on this machine wont even let me 'Accept" the certs. 
 
Content for Community-Ad

Spotlight Awards 2021