First time thru this. I followed this document: http://www.cisco.com/c/en/us/support/docs/customer-collaboration/unified-contact-center-express/118855-configure-uccx-00.html#anc16
When launching the cisco finesse client https://uccx1:8445/desktop ; - finesse will not launch
when launching the client from https:/uccx2:8445 - it launches. I then get the SSL Certificates not accepted showing the uccx1:8445. I click OK but it fails, stating the site can't be reached uccx1 refused to connect.
I am not sure what I am missing although I feel the answer is right in front of me :) Any idea's?
UCCX 10.6 (HA)
You need to use the FQDN i.e., hostname + domainname in the login URL and not just hostname. To find the FQDN, login into UCCX CLI and issue show tech network hosts
Also, please make sure that you are able to open uccx1 in the browser normally or not. You might need to check if your forward and reverse lookup entries for both the UCCX servers are configured correctly on your DNS server. To ensure the forward and reverse lookup entries are working fine, issue utils diagnose test from both the UCCX servers CLI and make sure the tests come passed.
Note: You should be able to open the FQDN of both the UCCX servers from agent desktop and only then it will work for Finesse login as well. Also issue utils service list from both the UCCX servers CLI and make sure Finesse is activated and is started.
Thank you for feedback. I apologize, I left off the FQDN in post but am using it in my login URL. I am able to open both nodes in the browser normally and ran the utils diagnose test with no issues found on both nodes. I also ensured Finesse is activated and started on both nodes. Anything else I should look at?
i need your help to sort out the ssl certificate issue.. UCCX was working fine with single node after installed the subcriber there is some certificate error..
i tried to upload the tomact service and restarted the tomcat services also but still same. could you please help me in this.
I have to upload certificate manully on internet explorer.. if you could you please send me the process.
i have one link how to upload but i don't know how to download the certificate from root and how to keet in trusted folder.
When I try to add the exception in Firefox and click Get Cert, I get unable to obtain identification status for this site so I am unable to add the exception. For IE, that same cert errors out. Others have the same issue.
Do you have self-signed Tomcat certs or CA-signed Tomcat certs? See my comments below.
According to your screenshots, you have self-signed certs and the error message is asking you to accept these self-signed certs if you want to login to Cisco Finesse - that's all. Agents/Supervisors should disable the popup blocker before they login so each cert opens as a new tab. On each tab, click on the certificate error at the end of the URL to view certificate.
Cisco Finesse requires the use of FQDN. Under each cert > click on the Detail tab, verify the CN is using the FQDN format. Go back to the General tab and click on 'Install Certificate'. You can automatically install the cert or you can install (place) the cert yourself. I believe, the Enterprise Trust should be sufficient.
Once you install the certs, go back to the main page (tab) and click Ok. You should be able to login now. With self-signed certs, each user would go through this process. It takes less than a minute but for less technical users, perhaps longer. You can always add these self-signed certs to a group policy... or, better yet... you can obtain CA-signed certs.
If you're having problems logging into one of the servers, then it's likely because;
1. You didn't accept or you're missing certs for the other server.
NOTE: If you look closely at the certs, they're generated by the same servers. However, different ports were referenced, thus, separate requests. Once you accept the certs, any missing certs via ports... can be accepted after you login through the gadget interface.
2. The Cisco Finesse Tomcat service is hung up.
NOTE: Sometimes this happens during HA failovers. You can try to restart this service, or you can manually perform HA failover.
Just to confirm... the expiration date on your cert is 10/02/2020? What version of UCCX do you have?
If you purchased UCCX, then you should have a permanent license. If you performed a fresh install, by default, you have a 30 day (temporary) license. I don't know, perhaps "packaged" call center solutions have expiration dates - I would assume so. Sounds like you need to contact your sales rep.
HA! Yeah, you can completely disregard the comments about licensing. For a minute... I thought you were talking about the expiration date on your license, not your Tomcat certificate. It's been a long day.