I followed both:
To generate CA and RSA signed ECDSA certs for 11.6(1) on a system... but I'm still getting the request for a certificate on the load of the live gadgets. I installed the certs and even restarted both sides of the UCCX 11.6(1) cluster.
Am I missing something? The CSRs worked fine, the tomcat and tomcat-ECDSA certs went in fine and the CAs and such are added to the tomcat-trust.
Has anyone else struggled with this?
Kindly share the following :
- What error/notification do you see on the live data gadgets?if possible share a screenshot:
- Output of this command from UCCX server (from both if HA) : show cert list own
Thanks for the reply. I think this is connected with the Policy-CA on the new ECDSA certs, it checks on those certs for revocation, whereas our other certs do not. The xxxx-Policy-CA referenced is not on my sandbox network for setup so this is likely the cause. When I manually added the CA cert to the workstation, it was accepted, so as a workaround on go-live I can put them into a GPO. I wish Cisco would develop a little more literature on this for a few different CAs, what's supported, etc. - as one of my systems is on 11.5(1) and I think they used the COP file for ECDSA disable and I'd like to get everyone on a single, preferred design.
I had this issue today after renewing our Tomcat certs. While I couldn't find any documentation I noticed port 12015 is used by the Cisco Unified CCX Socket.IO Service and when I browsed directly to CCX.doman.com:12015 the cert was still showing the old date. I restarted the Socket.IO service and my problem cleared. This is in addition to the other services I restarted below. I did validate with TAC before restarting and did not experience any impact as this service only seems to be for live data reporting.
§ Tomcat service (utils service restart Cisco Tomcat)
§ Finesse Tomcat service (utils service restart Cisco Finesse Tomcat)
§ Unified Intelligence Center Reporting service (utils service restart Cisco Unified Intelligence Center Reporting Service)
§ Cisco Unified CCX Notification Service (utils service restart Cisco Unified CCX Notification Service)