02-16-2015 06:43 AM - edited 03-14-2019 02:26 PM
Hi Guys,
I want to configure Cisco Finesse, which runs on my UCCX 10.5.1.
It works fine, I can open it per Explorer/Firefox/Chrome and I get the request for the login credentials.
After that, I get the message, that I have to install two certificates: For Port 8445 & Port 7443.
I downloaded the cerficates (tomcat & ipsec) from the UCCX certificate management and installed it on the client, but i still get
the message, that the certificate for 7443 is still missing?
Has somebody an idea, how I can solve this problem?
Kind Regards,
Nico Seinsche
02-16-2015 07:18 AM
05-04-2015 04:33 AM
Hi Gergely,
yes, I have also tried this. This was the first thing I made after I tried to login to Finesse.
I tried it a few minutes ago again. Now I only get the message to install the certificate for uccx01.<domain>:7443
But when I accept this message for installing this certificate, it will open a new tab with the message:
"You must accept or install the appropriate certificate for this domain. If you have questions, contact your administrator for instructions."
05-04-2015 04:33 AM
Did you able to solve this?
07-07-2015 06:20 AM
Hi,
no, not in the way I wanted to solve it. I had to reinstall the whole UCCX.
07-19-2016 07:47 AM
I'm getting the same error. Anyone else have better luck without reinstalling? I run UCCE so not really an option.
11-24-2015 01:44 AM
Port 7443 is used by CCX Notification Service.
After you upload new certificates in UCCX Certificate Management, you need to restart the following two services:
Cisco Finesse Tomcat
Cisco CCX Notificatin Service
I had this issue today and restarting Notification Service resolved it.
08-21-2016 01:21 PM
Just had this problem today on my 10.6.1SU2 cluster. Make sure you have a current root cert for your tomcat trust loaded on all servers in the cluster. When you upload your new tomcat cert you have to restart the following 4 services on all cluster members:
Cisco Tomcat - so you get your new cert on the admin interface
Cisco Finesse Tomcat - so your users get your new cert on the finesse desktop
Cisco Unified CCX Notification Service - so you don't get the 7443 error when logging into finesse
Cisco Unified Intelligence Center Reporting Service - so CUIC can use the new cert and your live data gadgets work correctly on the finesse desktop
Lots of fun figuring this stuff out when you run a 24 hour op and you have users that can't take calls. The Certificate Notification service on my cluster doesn't want to seem to work so I found out the hard way my server certs were expiring. Thankfully it was a Sunday and not mid-day Monday.
08-03-2018 11:55 AM
add in "Cisco Unified CCX Socket.IO Service" for gadgets on 11.6(1)
08-19-2020 04:18 PM
@Todd Hebert wrote:Just had this problem today on my 10.6.1SU2 cluster. Make sure you have a current root cert for your tomcat trust loaded on all servers in the cluster. When you upload your new tomcat cert you have to restart the following 4 services on all cluster members:
Cisco Tomcat - so you get your new cert on the admin interface
Cisco Finesse Tomcat - so your users get your new cert on the finesse desktop
Cisco Unified CCX Notification Service - so you don't get the 7443 error when logging into finesse
Cisco Unified Intelligence Center Reporting Service - so CUIC can use the new cert and your live data gadgets work correctly on the finesse desktop
Lots of fun figuring this stuff out when you run a 24 hour op and you have users that can't take calls. The Certificate Notification service on my cluster doesn't want to seem to work so I found out the hard way my server certs were expiring. Thankfully it was a Sunday and not mid-day Monday.
Had same problem and this should be marked as the correct answer, it fixes the issue the original poster had. Thanks Todd!
09-27-2016 09:53 AM
hi guys,
did you resolve the issue? I have the same issue on IE windows 8
"
09-27-2016 10:02 AM
If your servers are using self-signed certs, they are probably not trusted by your browser unless you install them in the trust store locally. It's best to get with your CA guys and get enterprise certs created for your UCCX servers. Make sure to upload your enterprise root cert as a tomcat-trust on your UCCX servers when you upload your new tomcat cert, then restart those 4 services and you should be good. The root cert from your enterprise CA is probably already loaded in your browser trust store through AD policy so your agents will not get the cert error when trying to login. Hope this helps.
09-27-2016 11:04 AM
yes that's one way. or we can download the self signed certs in install it manually into agent PC.
I was able to do login without issues yesterday and rebooted the servers for failover test. now running into this issue. i am not sure what went wrong. we are running out of time and getting it signed by CA is not going to happen.
10-30-2017 05:33 PM
Hi Vijendra,
It was an option to download an install the self-signed certificates? I'm wondering if it could work.
Regards.
10-06-2022 12:17 PM
gold! thnx this worked for me. It had me spinning for several hours thinking only tomcat will do.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide