Showing results for 
Search instead for 
Did you mean: 

UCCX / Finesse Cert Issue

Yort Mantup


First time thru this. I followed this document:

When launching the cisco finesse client https://uccx1:8445/desktop ; - finesse will not launch

when launching the client from https:/uccx2:8445 - it launches.  I then get the SSL Certificates not accepted showing the uccx1:8445.   I click OK but it fails, stating the site can't be reached  uccx1 refused to connect.

I am not sure what I am missing although I feel the answer is right in front of me  :)  Any idea's?

UCCX 10.6 (HA)


Deepak Rawat
Cisco Employee
Cisco Employee

You need to use the FQDN i.e., hostname + domainname in the login URL and not just hostname. To find the FQDN, login into UCCX CLI and issue show tech network hosts

Also, please make sure that you are able to open uccx1 in the browser normally or not. You might need to check if your forward and reverse lookup entries for both the UCCX servers are configured correctly on your DNS server. To ensure the forward and reverse lookup entries are working fine, issue utils diagnose test from both the UCCX servers CLI and make sure the tests come passed.

Note: You should be able to open the FQDN of both the UCCX servers from agent desktop and only then it will work for Finesse login as well. Also issue utils service list from both the UCCX servers CLI and make sure Finesse is activated and is started.



Thank you for feedback. I apologize, I left off the FQDN in post but am using it in my login URL.  I am able to open both nodes in the browser normally and ran the utils diagnose test with no issues found on both nodes.  I also ensured Finesse is activated and started on both nodes.  Anything else I should look at?

Hi deepak, 

i need your help to sort out the ssl certificate issue.. UCCX was working fine with single node after installed the subcriber there is some certificate error.. 

This Msg is showing when agent wants to loginThis Msg is showing when agent wants to loginFirst node certificate listFirst node certificate listsecond node certificates listsecond node certificates list

i tried to upload the tomact service and restarted the tomcat services also but still same. could you please help me in this. 


I have to upload certificate manully on internet explorer.. if you could you please send me the process.

i have one link how to upload but i don't know how to download the certificate from root and how to keet in trusted folder.

Hi, troyputnam.

Can you make sure that the Security certificates installed on your machine,

which browser that you used, try with some else.

can you delete the history of the browsers and check again?



When I try to add the exception in Firefox and click Get Cert, I get unable to obtain identification status for this site so I am unable to add the exception.  For IE, that same cert errors out.  Others have the same issue.


Do you have self-signed Tomcat certs or CA-signed Tomcat certs? See my comments below.



According to your screenshots, you have self-signed certs and the error message is asking you to accept these self-signed certs if you want to login to Cisco Finesse - that's all. Agents/Supervisors should disable the popup blocker before they login so each cert opens as a new tab. On each tab, click on the certificate error at the end of the URL to view certificate.

Cisco Finesse requires the use of FQDN. Under each cert > click on the Detail tab, verify the CN is using the FQDN format. Go back to the General tab and click on 'Install Certificate'. You can automatically install the cert or you can install (place) the cert yourself. I believe, the Enterprise Trust should be sufficient.

Once you install the certs, go back to the main page (tab) and click Ok. You should be able to login now. With self-signed certs, each user would go through this process. It takes less than a minute but for less technical users, perhaps longer. You can always add these self-signed certs to a group policy... or, better yet... you can obtain CA-signed certs.

If you're having problems logging into one of the servers, then it's likely because;

1. You didn't accept or you're missing certs for the other server.

NOTE: If you look closely at the certs, they're generated by the same servers. However, different ports were referenced, thus, separate requests. Once you accept the certs, any missing certs via ports... can be accepted after you login through the gadget interface. 

2. The Cisco Finesse Tomcat service is hung up.

NOTE: Sometimes this happens during HA failovers. You can try to restart this service, or you can manually perform HA failover.    


I solved it..


just upload the certificate to internet explorer that it.. 



May I know how do you export the cert out? My PC is a win10.

Do you have self-signed certs or CA-signed certs? [UCCX Tomcat]

Hi Support,
I have a UCCX cert but it will expire on 10/02/2020. Where can I renew this cert or download a new cert? Thanks

Just to confirm... the expiration date on your cert is 10/02/2020What version of UCCX do you have?

If you purchased UCCX, then you should have a permanent license. If you performed a fresh install, by default, you have a 30 day (temporary) license. I don't know, perhaps "packaged" call center solutions have expiration dates - I would assume so. Sounds like you need to contact your sales rep.

HA! Yeah, you can completely disregard the comments about licensing. For a minute... I thought you were talking about the expiration date on your license, not your Tomcat certificate. It's been a long day.

Simple: Login to UCCX OS Admin, Goto Security > Certificate Management, click on Generate, Select Tomcat, Reboot the server. If you have two servers, repeat for each.

Not so Simple: Read this document
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: