cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
5458
Views
0
Helpful
13
Replies
Highlighted
Enthusiast

UCCX / Finesse Cert Issue

Hello,

First time thru this. I followed this document: http://www.cisco.com/c/en/us/support/docs/customer-collaboration/unified-contact-center-express/118855-configure-uccx-00.html#anc16

When launching the cisco finesse client https://uccx1:8445/desktop ; - finesse will not launch

when launching the client from https:/uccx2:8445 - it launches.  I then get the SSL Certificates not accepted showing the uccx1:8445.   I click OK but it fails, stating the site can't be reached  uccx1 refused to connect.

I am not sure what I am missing although I feel the answer is right in front of me  :)  Any idea's?

UCCX 10.6 (HA)

13 REPLIES 13
Highlighted
Cisco Employee

You need to use the FQDN i.e., hostname + domainname in the login URL and not just hostname. To find the FQDN, login into UCCX CLI and issue show tech network hosts

Also, please make sure that you are able to open uccx1 in the browser normally or not. You might need to check if your forward and reverse lookup entries for both the UCCX servers are configured correctly on your DNS server. To ensure the forward and reverse lookup entries are working fine, issue utils diagnose test from both the UCCX servers CLI and make sure the tests come passed.

Note: You should be able to open the FQDN of both the UCCX servers from agent desktop and only then it will work for Finesse login as well. Also issue utils service list from both the UCCX servers CLI and make sure Finesse is activated and is started.

Regards

Deepak

Highlighted

Thank you for feedback. I apologize, I left off the FQDN in post but am using it in my login URL.  I am able to open both nodes in the browser normally and ran the utils diagnose test with no issues found on both nodes.  I also ensured Finesse is activated and started on both nodes.  Anything else I should look at?

Highlighted

Hi deepak, 

i need your help to sort out the ssl certificate issue.. UCCX was working fine with single node after installed the subcriber there is some certificate error.. 

This Msg is showing when agent wants to loginThis Msg is showing when agent wants to loginFirst node certificate listFirst node certificate listsecond node certificates listsecond node certificates list

i tried to upload the tomact service and restarted the tomcat services also but still same. could you please help me in this. 

 

I have to upload certificate manully on internet explorer.. if you could you please send me the process.

i have one link how to upload but i don't know how to download the certificate from root and how to keet in trusted folder.

Highlighted

Hi, troyputnam.

Can you make sure that the Security certificates installed on your machine,

which browser that you used, try with some else.

can you delete the history of the browsers and check again?

install_secuirty_certificate.jpg

Highlighted

Hello,

When I try to add the exception in Firefox and click Get Cert, I get unable to obtain identification status for this site so I am unable to add the exception.  For IE, that same cert errors out.  Others have the same issue.

Highlighted

Yort,

Do you have self-signed Tomcat certs or CA-signed Tomcat certs? See my comments below.

 

Muhammadan,

According to your screenshots, you have self-signed certs and the error message is asking you to accept these self-signed certs if you want to login to Cisco Finesse - that's all. Agents/Supervisors should disable the popup blocker before they login so each cert opens as a new tab. On each tab, click on the certificate error at the end of the URL to view certificate.

Cisco Finesse requires the use of FQDN. Under each cert > click on the Detail tab, verify the CN is using the FQDN format. Go back to the General tab and click on 'Install Certificate'. You can automatically install the cert or you can install (place) the cert yourself. I believe, the Enterprise Trust should be sufficient.

Once you install the certs, go back to the main page (tab) and click Ok. You should be able to login now. With self-signed certs, each user would go through this process. It takes less than a minute but for less technical users, perhaps longer. You can always add these self-signed certs to a group policy... or, better yet... you can obtain CA-signed certs.

If you're having problems logging into one of the servers, then it's likely because;

1. You didn't accept or you're missing certs for the other server.

NOTE: If you look closely at the certs, they're generated by the same servers. However, different ports were referenced, thus, separate requests. Once you accept the certs, any missing certs via ports... can be accepted after you login through the gadget interface. 

2. The Cisco Finesse Tomcat service is hung up.

NOTE: Sometimes this happens during HA failovers. You can try to restart this service, or you can manually perform HA failover.    

Highlighted

Hi 

I solved it..

 

just upload the certificate to internet explorer that it.. 

 

 

Highlighted

May I know how do you export the cert out? My PC is a win10.

Highlighted

Do you have self-signed certs or CA-signed certs? [UCCX Tomcat]

Highlighted

Hi Support,
I have a UCCX cert but it will expire on 10/02/2020. Where can I renew this cert or download a new cert? Thanks
Regards,
Thomas
Highlighted

Just to confirm... the expiration date on your cert is 10/02/2020What version of UCCX do you have?

If you purchased UCCX, then you should have a permanent license. If you performed a fresh install, by default, you have a 30 day (temporary) license. I don't know, perhaps "packaged" call center solutions have expiration dates - I would assume so. Sounds like you need to contact your sales rep.

Highlighted

HA! Yeah, you can completely disregard the comments about licensing. For a minute... I thought you were talking about the expiration date on your license, not your Tomcat certificate. It's been a long day.

Highlighted

Simple: Login to UCCX OS Admin, Goto Security > Certificate Management, click on Generate, Select Tomcat, Reboot the server. If you have two servers, repeat for each.

Not so Simple: Read this document
https://www.cisco.com/c/en/us/support/docs/customer-collaboration/unified-contact-center-express/118855-configure-uccx-00.html