Showing results for 
Search instead for 
Did you mean: 
Frequent Contributor

Connection to the Server cannot be established (Certificate Exception)


In my Lab I am setting up: 2x CUCM and 2 IMP servers (all 10.5 version)

The new IMP versions are part of the cluster, so each IMP server is a subscriber in CUCM (publisher)

I want to activate the services on the IMP server from the CUCM (Cisco Unified Serviceability: Tools/Service activation)

From the CUCM publisher I can activate the CUCM sub and the FIRST(!) IMP

When I use the drop down (Select Server) and select the second IMP server I get the error: "Connection to the Server cannot be established (Certificate Exception) "

Since this was a lab, I reinstalled everything from scratch, but the same result I can't connect from my CUCM pub to the second IMP

When I execute the comand "show network cluster" everything seems OK. Normally this error is with expired tomcat certificate, but this is a fresh install. the certificates are valid for 5 years!


Any idea?






Accepted Solutions
Hall of Fame Community Legend

Hi JH, It sounds like you may

Hi JH,


It sounds like you may be hitting this 10.5 bug;


Connection to the Server cannot be established (Certificate Exception)




Hall of Fame Community Legend

Hi JH, It sounds like you may

Hi JH,


It sounds like you may be hitting this 10.5 bug;


Connection to the Server cannot be established (Certificate Exception)




Frequent Contributor

Hi Rob, Thank you, this seems

Hi Rob,


Thank you, this seems to be the case.

But it is even weirder, after I posted this discussion, I configured on CUCM (Presence Redundancy Group) and added the second server. Then I had lunch and after I came back I can access the second IMP from the CUCM publisher. After reading the bug, it seems that there is an issue with sync of the databases. Especially this from the bug "But the output of utils dbreplication status shows the replicates are not in sync in various certificate related tables and replicationdynamic table" seems to be the issue.

In this case it finally worked, and the databases were synchronized.


Thanks again!





I have this issue with CUCM

I have this issue with CUCM 10.5.2 which looks like its not effected by this bug, 1 Pub + 4 Subs. Its not letting me add IM+P servers to the cluster either, im assuming it due to this issue (servers have been added to CUCM) but during the install fails to get passed the network connectivity validation.

I can ping the IMP server from CUCM.


Hi RichardI'm running into

Hi Richard

I'm running into the same issue - Network Connectivity seems to loop but everything is okay (ip in server list, ping okay, DNS okay).

How did you solve this?




This bug is now internal-only

This bug is now internal-only on Bug Search and I can't see any fix for this.


Can anyone assist with troubleshooting steps for this?  We have 2CUCM/2IMP servers.  From either IMP server we cannot view the CUCM PUB from Serviceability.


Resolved this! I noted one

Resolved this!


I noted one the CUCM Publisher that there were 2 ipsec-trust certificates for the same node.... with different cases...


By this I mean:





I checked on the IM and P nodes, and these only had one of the certificates.  On our CUCM SUB, this had both certificates, and was not having any problems.


I downloaded the ipsec-trust certificate from the PUB and uploaded this to both IM and P nodes, restarting Cisco Tomcat (not needed on the Publisher).  This resolved the issue.


i just had this on a fresh

i just had this on a fresh build of 11.

The CUCM had no IMP related certs in it, and the IMP had no CUCM related certs.

I took the tomcat and ipsec certs from each, uploaded to the other and it worked.  No tomcat restart necessary for me.

Cisco Employee

Absolutely correct carlnewton

Absolutely correct carlnewton, this issue only happens when the tomcat certificates are missing on one server or both. In an ideal situation, subscriber server should have its own tomcat certificate along with the publisher certificate and vice versa. If the tomcat certificate are missing for the other server and if you connect to that sercer, the certificate exception will always appear.




Hi Deepak,

Hi Deepak,

Thanks for the confirmation.  My post was more to highlight that I experienced this bug in version 11.0 (Even though its a 10.5 bug ID) for anyone who might stumble upon this thread running 11.0


Resolved! In my case I noted



In my case I noted that there had been a hostname case-sensitivity change, and the new ipsec-trust certificates had been propagated to the CUCM SUB, but not the IMP nodes.


I downloaded the new ipsec-trust certificate from the PUB and uploaded this to both IMP nodes, restarting the Cisco Tomcat services of the affected servers.


This resolved the issue.

Re: Hi JH, It sounds like you may

Hi Rob,


I have same problem with CUCM 11.5 and there are not IMP&M servers installed.

Could you help me, please?


best regards,


If this helps, do not forget, rate!!

Yep, reimporting the tomcat

Yep, reimporting the tomcat cert (pem) from the server that you cannot connect to did the trick.


Re: Yep, reimporting the tomcat

Hi, I'm having this issue as well.


When I attempt to upload the missing Tomcat cert (PEM), the upload is denied with a red "X" stating "Self-signed certificate."


What am I doing wrong here?

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards