03-05-2014 07:05 AM - edited 03-10-2019 09:29 PM
Hello all,
by my fault, I've set invalid management certificate. So, the GUI became unaccessible right after reboot of the mgmt service.
Mozila Firefox is reporting "Certificate type not approved for application (Error code: sec_error_inadequate_cert_type)"
IE tells "IE cannot display the webpage"
(both browsers asked for security exception because of new cert)
I went to acs-config mode and tried to reset the certificate by "reset-management-interface-certificate" command, but it failed:
Resetting ACS Management Interface Certificate...
Failed to Reset Management Interface Certificate.
See the logs for more details.
==> /opt/CSCOacs/logs/acsRuntime.log <==
PKILogic,04/03/2014,18:06:09:474,ERROR,3081878416,cntx=0000000460,PKILogic::onGenerateSelfSignedCertificateEx2Request: MD5 digest is not supported,PKILogic.cpp:359
Then I tried "acs restore", but it didn't solve the problem neither, invalid certificate is still there :-(
Any idea how to solve it?
Thanks
P.S.: the version is: 5.4.0.46.5
03-05-2014 07:36 AM
Try this:
reset-management-interface-certificate
To reset the management interface certificate to a default self-signed certificate, use the reset-management-interface-certificate command in the ACS Configuration mode. Only the super admin and system admin can run this command.
Command Reference:
~BR
Jatin Katyal
**Do rate helpful posts**
03-05-2014 08:42 AM
Hi Jatin,
I actually did that, but it failed:
Resetting ACS Management Interface Certificate...
Failed to Reset Management Interface Certificate.
See the logs for more details.
(The log is attached in my initial post)
Thanks for your reply.
03-08-2014 10:29 AM
Hi, I am unable to to log onto my GUI even though I successfully ran reset-management-interface-certificate command in the ACS Configuration mode twice. In acsRuntime.log I have errors like :
When I manually created a certificate
ERROR PKILogic::onGenerateSelfSignedCertificateEx2Request:Generation failed ; error=Invalid certificate subject DN length,PKILogic.cpp:378Eap, 07/03/2014 18:05:165,WARN ,3010931616,NIL-CONTEXT,configureCTL = Failed to initializeCTL,EapConfigObjectBase.cpp:335
When I ran the reset certificate CLI command
ERROR, 3056110496,NIL-CONTEXT,DeviceAttrFactory::createAttrValue with marker = " .DeviceAttrFactory.cpp:29 Shellprofile, 07/03/2014
When I attempt to use the GUI.... ERROR,2954697632,onException - reason activemq::to::SocketInputStream::read - The connection is broken; state connected; stack trace: activemq::io::SocketInputStream::read - The connection is broken
Will a restore help?
03-10-2014 07:03 AM
Hi Stuart,
that's good point, the "restore" maybe could solve it, but I haven't made full backup before :-(
And "acs restore" didn't fix the problem for me.
I had to re-install the ACS at the end:
1) application remove acs
2) application install ACS_5.4.0.46.0a.tar.gz "repository" (tftp repository doesn't work)
3) acs patch install 5-4-0-46-6.tar.gpg repository "repository"
4) acs restore backup.tar.gpg repository "repository"
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide