06-26-2014 06:43 AM
Hello. We serve our Finesse gadgets off of a Windows IIS box. We generate self-signed certificates for these boxes to load into Finesse (via Cisco Unified OS Administration/Security/Certificate Management). As per the docs we select tomcat-trust as the Certificate Name. With the UCCE version of Finesse this works fine and the certificate uploads fine and https works perfectly. When we try to do this with the UCCX version of Finesse the upload fails with the following message.
The requested command [sudo /usr/local/platform/bin/CertMgmt.py decode op:import type:trust-certs unit:tomcat-trust src-cert:%2Fusr%2Flocal%2Fplatform%2Fupload%2Fcerts%2FUWF.UPSTREAMWORKS.root.pem cert-dir:%2Fusr%2Flocal%2Fplatform%2F.security%2Ftomcat%2Ftrust-certs key-dir:%2Fusr%2Flocal%2Fplatform%2F.security%2Ftomcat%2Fkeys rootCA-cert:Dummy+Root+cert trust-dir:%2Fusr%2Flocal%2Fplatform%2F.security%2Ftomcat%2Ftrust-certs logfile:%2Fvar%2Flog%2Factive%2Fplatform%2Flog%2Fcert-mgmt.log resultfile:%2Fvar%2Flog%2Factive%2Fplatform%2Flog%2Fcertde-info.xml description:Signed+Certificate] could not be executed.
There are a few interesting things in all this.
1. The logfile: parameter shown in the error message does not match the log filenames seen via the CLI. The error message shows .../cert-mgmt.log but looking via the CLI we see a log file of the form certm.log and others of the form certMgmtnnnnn.log (e.g. certMgmt00040.log).
2. We know the command is executing because the resultfile: certde-info.xml is being updated (timestamp changes). The following is what is written to this file.
<?xml version="1.0" encoding="UTF-8"?>
<CertMgr>
<result>error</result>
<description>The file /usr/local/platform/.security/tomcat/trust-certs/_.UPSTREAMWORKS.com.pem is not found.</description>
</CertMgr>
3. Looking at the certMgmt00040.log file we see the following Java exception. You can see it processing the command correctly and reading all the certificate information correctly. It looks like it uploads all properly and then when it tries to verify the CN it suddenly thinks the uploaded cert file is a directory instead of a file! I have removed IPs and hostnames :-) .
2014-06-26 09:19:59,538 INFO [main] - log4j configuration successful.
2014-06-26 09:19:59,653 INFO [main] - IN -- CertMgr.java - mainInternal(args) -
2014-06-26 09:19:59,654 INFO [main] - decode
2014-06-26 09:19:59,655 INFO [main] - op:import
2014-06-26 09:19:59,655 INFO [main] - type:trust-certs
2014-06-26 09:19:59,655 INFO [main] - unit:tomcat-trust
2014-06-26 09:19:59,655 INFO [main] - src-cert:%2Fusr%2Flocal%2Fplatform%2Fupload%2Fcerts%2FUWF.UPSTREAMWORKS.root.pem
2014-06-26 09:19:59,655 INFO [main] - cert-dir:%2Fusr%2Flocal%2Fplatform%2F.security%2Ftomcat%2Ftrust-certs
2014-06-26 09:19:59,655 INFO [main] - key-dir:%2Fusr%2Flocal%2Fplatform%2F.security%2Ftomcat%2Fkeys
2014-06-26 09:19:59,655 INFO [main] - rootCA-cert:Dummy+Root+cert
2014-06-26 09:19:59,655 INFO [main] - trust-dir:%2Fusr%2Flocal%2Fplatform%2F.security%2Ftomcat%2Ftrust-certs
2014-06-26 09:19:59,655 INFO [main] - logfile:%2Fvar%2Flog%2Factive%2Fplatform%2Flog%2Fcert-mgmt.log
2014-06-26 09:19:59,658 INFO [main] - resultfile:%2Fvar%2Flog%2Factive%2Fplatform%2Flog%2Fcertde-info.xml
2014-06-26 09:19:59,658 INFO [main] - description:Signed+Certificate
2014-06-26 09:19:59,687 INFO [main] - Parsed information
2014-06-26 09:19:59,687 INFO [main] - OrgName: Upstream Works Software Ltd.
2014-06-26 09:19:59,687 INFO [main] - OrgUnit: 8000 Jane Street, Tower A, Suite 401
2014-06-26 09:19:59,687 INFO [main] - Location: Vaughan
2014-06-26 09:19:59,687 INFO [main] - Country: CA
2014-06-26 09:19:59,687 INFO [main] - State: ON
2014-06-26 09:19:59,687 INFO [main] - Hostname: <removed>
2014-06-26 09:19:59,687 INFO [main] - AlternateHostname: null
2014-06-26 09:19:59,687 INFO [main] - Domain Name: ps.upstreamworks.com
2014-06-26 09:19:59,687 INFO [main] - IPAddress: <removed>
2014-06-26 09:19:59,688 INFO [main] - In parseXML()
2014-06-26 09:19:59,688 INFO [main] - CN: <removed>.ps.upstreamworks.com
2014-06-26 09:19:59,689 INFO [main] - Temp before mod is
2014-06-26 09:19:59,689 INFO [main] - Temp afer mod is 8000 Jane Street
2014-06-26 09:19:59,689 INFO [main] - Temp in else is 8000 Jane Street
2014-06-26 09:19:59,689 INFO [main] - Temp before mod is
2014-06-26 09:19:59,689 INFO [main] - Temp afer mod is Tower A
2014-06-26 09:19:59,689 INFO [main] - Temp in else is Tower A
2014-06-26 09:19:59,689 INFO [main] - Temp before mod is
2014-06-26 09:19:59,689 INFO [main] - Temp afer mod is Suite 401
2014-06-26 09:19:59,689 INFO [main] - Temp in else is Suite 401
2014-06-26 09:19:59,690 INFO [main] - Temp before mod is
2014-06-26 09:19:59,690 INFO [main] - Temp afer mod is 8000 Jane Street
2014-06-26 09:19:59,690 INFO [main] - Temp in else is 8000 Jane Street
2014-06-26 09:19:59,690 INFO [main] - Temp before mod is
2014-06-26 09:19:59,690 INFO [main] - Temp afer mod is Tower A
2014-06-26 09:19:59,690 INFO [main] - Temp in else is Tower A
2014-06-26 09:19:59,690 INFO [main] - Temp before mod is
2014-06-26 09:19:59,690 INFO [main] - Temp afer mod is Suite 401
2014-06-26 09:19:59,690 INFO [main] - Temp in else is Suite 401
2014-06-26 09:19:59,690 INFO [main] - OuFields are 8000 Jane Street
2014-06-26 09:19:59,690 DEBUG [main] - Field after encoding: 8000 Jane Street
2014-06-26 09:19:59,690 INFO [main] - OuFields are Tower A
2014-06-26 09:19:59,690 DEBUG [main] - Field after encoding: Tower A
2014-06-26 09:19:59,690 INFO [main] - OuFields are Suite 401
2014-06-26 09:19:59,691 DEBUG [main] - Field after encoding: Suite 401
2014-06-26 09:19:59,691 DEBUG [main] - Field after encoding: Upstream Works Software Ltd.
2014-06-26 09:19:59,691 DEBUG [main] - Field after encoding: Vaughan
2014-06-26 09:19:59,691 DEBUG [main] - Field after encoding: ON
2014-06-26 09:19:59,691 DEBUG [main] - Field after encoding: CA
2014-06-26 09:19:59,694 INFO [main] - OU field is :8000 Jane Street
2014-06-26 09:19:59,694 INFO [main] - OU field is :Tower A
2014-06-26 09:19:59,694 INFO [main] - OU field is :Suite 401
2014-06-26 09:19:59,694 INFO [main] - SubjectDN :: CN=<removed>.ps.upstreamworks.com,OU=8000 Jane Street,OU=Tower A,OU=Suite 401,O=Upstream Works Software Ltd.,L=Vaughan,ST=ON,C=CA
2014-06-26 09:19:59,694 INFO [main] - IN -- CertMgr.java - getCertMgrObj(unit) - tomcat-trust
2014-06-26 09:19:59,705 INFO [main] - OUT -- CertMgr.java - getCertMgrObj - com.cisco.cpi.certMgmt.manager.TomcatCertMgr@1a52fdf
2014-06-26 09:19:59,705 INFO [main] - Dummy loadProperties
2014-06-26 09:19:59,705 INFO [main] - IN -- CertMgr.java - doOp(info) -
2014-06-26 09:19:59,705 INFO [main] - IN -- DefaultCertMgr.java - importCert(info) -
decode: true
op: import
unit: tomcat-trust
keystoreUnit:tomcat-trust
logFile: /var/log/active/platform/log/cert-mgmt.log
resultFile: /var/log/active/platform/log/certde-info.xml
keyDir: /usr/local/platform/.security/tomcat/keys
certDir: /usr/local/platform/.security/tomcat/trust-certs
srcCert: /usr/local/platform/upload/certs/UWF.UPSTREAMWORKS.root.pem
type: trust-certs
rootCACert: Dummy Root cert
trustDir: /usr/local/platform/.security/tomcat/trust-certs
DNAME: CN=<removed>.ps.upstreamworks.com,OU=8000 Jane Street,OU=Tower A,OU=Suite 401,O=Upstream Works Software Ltd.,L=Vaughan,ST=ON,C=CA
description:Signed Certificate
isDBInsert:true
2014-06-26 09:19:59,705 INFO [main] - IN -- DefaultCertMgr.java - loadInputCert(info) -
2014-06-26 09:20:00,206 DEBUG [main] - Loading RSA providers explicitly...
2014-06-26 09:20:02,062 DEBUG [main] - RSA providers are loaded explicitly...
2014-06-26 09:20:02,062 DEBUG [main] - New security.provider.1=JsafeJCE
2014-06-26 09:20:02,062 DEBUG [main] - New security.provider.2=RsaJsse
2014-06-26 09:20:02,062 DEBUG [main] - New security.provider.3=BC
2014-06-26 09:20:02,062 DEBUG [main] - New security.provider.4=SUN
2014-06-26 09:20:02,062 DEBUG [main] - New security.provider.5=SunRsaSign
2014-06-26 09:20:02,062 DEBUG [main] - New security.provider.6=SunJSSE
2014-06-26 09:20:02,062 DEBUG [main] - New security.provider.7=SunJCE
2014-06-26 09:20:02,062 DEBUG [main] - New security.provider.8=SunJGSS
2014-06-26 09:20:02,062 DEBUG [main] - New security.provider.9=SunSASL
2014-06-26 09:20:02,062 DEBUG [main] - New security.provider.10=XMLDSig
2014-06-26 09:20:02,062 DEBUG [main] - New security.provider.11=SunPCSC
2014-06-26 09:20:02,062 INFO [main] - IN -- RSACryptoEngine.java - loadCertificates(..) -
2014-06-26 09:20:02,062 INFO [main] - IN -- RSACryptoEngine.java - loadCertificate(..) -
2014-06-26 09:20:02,417 INFO [main] - OUT -- RSACryptoEngine.java - loadCertificate -
2014-06-26 09:20:02,417 INFO [main] - OUT -- RSACryptoEngine.java - loadCertificates -
2014-06-26 09:20:02,417 INFO [main] - OUT -- DefaultCertMgr.java - loadInputCert - Successfully loaded input cert
2014-06-26 09:20:02,417 DEBUG [main] - Checking validity of cert
2014-06-26 09:20:02,418 INFO [main] - Verifying certificate CN=*.UPSTREAMWORKS.com,O=UPSTREAMWORKS.com
2014-06-26 09:20:02,418 INFO [main] - IN -- CertUtil.java - parseCNfromDN(DN, sSearchStr) -
2014-06-26 09:20:02,418 DEBUG [main] - parseCNfromDN( certSubjDN: 'CN=*.UPSTREAMWORKS.com,O=UPSTREAMWORKS.com')
2014-06-26 09:20:02,418 DEBUG [main] - Truncating CN '*.UPSTREAMWORKS.com,O=UPSTREAMWORKS.com' -> '*.UPSTREAMWORKS.com'
2014-06-26 09:20:02,418 INFO [main] - OUT -- CertUtil.java - parseCNfromDN -
2014-06-26 09:20:02,418 DEBUG [main] - Parsed CN '*.UPSTREAMWORKS.com' from DN 'CN=*.UPSTREAMWORKS.com,O=UPSTREAMWORKS.com'
2014-06-26 09:20:02,419 INFO [main] - trying to load cert from trust store ::/usr/local/platform/.security/tomcat/trust-certs/_.UPSTREAMWORKS.com.pem
2014-06-26 09:20:02,419 INFO [main] - certificate exists in the trust store, checking for subjectCN
2014-06-26 09:20:02,419 ERROR [main] - /usr/local/platform/.security/tomcat/trust-certs/_.UPSTREAMWORKS.com.pem (Is a directory)
java.io.FileNotFoundException: /usr/local/platform/.security/tomcat/trust-certs/_.UPSTREAMWORKS.com.pem (Is a directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:120)
at com.cisco.cpi.certMgmt.manager.DefaultCertMgr.loadCertFromFile(DefaultCertMgr.java:2250)
at com.cisco.cpi.certMgmt.manager.DefaultCertMgr.getCertsToImport(DefaultCertMgr.java:2395)
at com.cisco.cpi.certMgmt.manager.DefaultCertMgr.importTrustCerts(DefaultCertMgr.java:426)
at com.cisco.cpi.certMgmt.manager.DefaultCertMgr.importCert(DefaultCertMgr.java:322)
at com.cisco.cpi.certMgmt.CertMgr.doOp(CertMgr.java:225)
at com.cisco.cpi.certMgmt.CertMgr.mainInternal(CertMgr.java:192)
at com.cisco.cpi.certMgmt.CertMgr.main(CertMgr.java:206)
2014-06-26 09:20:02,421 ERROR [main] - The file /usr/local/platform/.security/tomcat/trust-certs/_.UPSTREAMWORKS.com.pem is not found.
com.cisco.cpi.certMgmt.CertMgrException: The file /usr/local/platform/.security/tomcat/trust-certs/_.UPSTREAMWORKS.com.pem is not found.
at com.cisco.cpi.certMgmt.manager.DefaultCertMgr.loadCertFromFile(DefaultCertMgr.java:2254)
at com.cisco.cpi.certMgmt.manager.DefaultCertMgr.getCertsToImport(DefaultCertMgr.java:2395)
at com.cisco.cpi.certMgmt.manager.DefaultCertMgr.importTrustCerts(DefaultCertMgr.java:426)
at com.cisco.cpi.certMgmt.manager.DefaultCertMgr.importCert(DefaultCertMgr.java:322)
at com.cisco.cpi.certMgmt.CertMgr.doOp(CertMgr.java:225)
at com.cisco.cpi.certMgmt.CertMgr.mainInternal(CertMgr.java:192)
at com.cisco.cpi.certMgmt.CertMgr.main(CertMgr.java:206)
2014-06-26 09:20:02,421 INFO [main] - IN -- CertMgr.java - logResult(result, desc, resultFile) -
2014-06-26 09:20:02,421 INFO [main] - CertMgmt Operation Result : The file /usr/local/platform/.security/tomcat/trust-certs/_.UPSTREAMWORKS.com.pem is not found.
2014-06-26 09:20:02,422 INFO [main] - OUT -- CertMgr.java - logResult -
2014-06-26 09:20:02,422 INFO [main] - OUT -- CertMgr.java - doOp -
2014-06-26 09:20:02,422 INFO [main] - OUT -- CertMgr.java - mainIntenal -
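Added example, not part of the original post and not Cisco tooling: a small log triage script that pulls the verified subject CN, the trust-store path and the OS-level cause out of the certMgmt log lines quoted above, and flags when the reported "is not found" result hides a different underlying cause. The function name `triage` and the field names are assumptions made for this illustration; the sample lines are copied from the log excerpt in the post.

```python
import re

# Lines copied from the certMgmt00040.log excerpt in the post above.
SAMPLE_LOG = """\
2014-06-26 09:20:02,418 INFO [main] - Verifying certificate CN=*.UPSTREAMWORKS.com,O=UPSTREAMWORKS.com
2014-06-26 09:20:02,419 INFO [main] - trying to load cert from trust store ::/usr/local/platform/.security/tomcat/trust-certs/_.UPSTREAMWORKS.com.pem
2014-06-26 09:20:02,419 ERROR [main] - /usr/local/platform/.security/tomcat/trust-certs/_.UPSTREAMWORKS.com.pem (Is a directory)
java.io.FileNotFoundException: /usr/local/platform/.security/tomcat/trust-certs/_.UPSTREAMWORKS.com.pem (Is a directory)
2014-06-26 09:20:02,421 INFO [main] - CertMgmt Operation Result : The file /usr/local/platform/.security/tomcat/trust-certs/_.UPSTREAMWORKS.com.pem is not found.
"""

PATTERNS = {
    "subject": re.compile(r"Verifying certificate (.+)$"),
    "store_path": re.compile(r"trying to load cert from trust store ::(\S+)$"),
    "os_cause": re.compile(r"^java\.io\.FileNotFoundException: (\S+) \((.+)\)$"),
    "reported": re.compile(r"CertMgmt Operation Result : (.+)$"),
}

def triage(log_text):
    """Collect the fields needed to compare the OS-level cause with the reported result."""
    found = {}
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m and name not in found:  # keep the first occurrence of each field
                found[name] = m.groups() if name == "os_cause" else m.group(1)
    cn = None
    if "subject" in found:
        m = re.search(r"CN=([^,]+)", found["subject"])
        cn = m.group(1) if m else None
    path, cause = found.get("os_cause", (None, None))
    return {
        "subject_cn": cn,
        "wildcard_cn": bool(cn and cn.startswith("*.")),
        "store_path": found.get("store_path"),
        "os_cause": cause,
        "reported": found.get("reported"),
        # True when the result says "not found" but the OS reported something else
        "result_masks_cause": bool(
            cause and found.get("reported", "").endswith("is not found.")
            and "No such file" not in cause
        ),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the excerpt above this reports a wildcard subject CN, a trust-store path whose file name begins with `_` where the CN has `*`, and an OS cause of "Is a directory" behind the "is not found" result written to certde-info.xml.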
06-26-2014 08:36 AM
Troubleshooting this requires some detailed investigation of logs. Recommend you open a TAC case (for UCCX product support).
http://www.cisco.com/en/US/partner/support/tsd_cisco_worldwide_contacts.html#numbers