07-24-2018 12:21 AM
Some of our customers use an access control system based on Cisco Physical Access Manager 1.3, 1.4
From Thursday / Friday (07.19.2018 - 07.20.2018) with CPAM global problems have begun.
All Cisco Physical Access Gateway controllers are no longer connected to the CPAM server.
The following is written in the /opt/cisco/cpam/logs/cpsm.log:
Thread-26 ERROR comm-comm.TransportContext: Error In Completing The SSL Handshake. Exception: Received fatal alert: certificate_expired Thread-26 ERROR deviceconfig-config.GwConnStateListener: Error in handing gatewayConnectionReset ip = 10.2.120.21 and port = 1.311
where 10.2.120.21 0 the IP addresses of the controller / controllers with which there are problems.
As I understand, by mistake there is some problem with the ssl certificate, more precisely with its validity.
not finding the information on the solution had to solve bypass - disabling the ssl connection between the server and the controller.
I understand that the problem should already be known. since at least three clients showed up.
Tell me how to solve it the right way?
Solved! Go to Solution.
07-24-2018 12:42 AM
Hey,
we have fix for the CPAM server, you can find the script - https://software.cisco.com/download/home/282089927/type/282463808/release/1.5.3
Please go though the Readme file from zip as per your CPAM deployment follow the procedure.
This fix addressed the CPAM SSL certificate expired issue.
***STANDALONE*** server patch deployment instructions:
===========================================
1. ftp/winscp the certificate.zip to the ICPAM server as cpamadmin user
2. ssh to server as cpamadmin
3. # sudo su -
4. # cd /home/cpamadmin
5. # unzip certificate.zip
6. # cd certpatch
7. # bash certificate_update.sh
* IF any issues persist plesae go to web admin console > monitoring > click stop on the server and then start.
Ensure to backup server config and events before performing these activity.
Regards,
Raghav.
07-24-2018 12:42 AM
Hey,
we have fix for the CPAM server, you can find the script - https://software.cisco.com/download/home/282089927/type/282463808/release/1.5.3
Please go though the Readme file from zip as per your CPAM deployment follow the procedure.
This fix addressed the CPAM SSL certificate expired issue.
***STANDALONE*** server patch deployment instructions:
===========================================
1. ftp/winscp the certificate.zip to the ICPAM server as cpamadmin user
2. ssh to server as cpamadmin
3. # sudo su -
4. # cd /home/cpamadmin
5. # unzip certificate.zip
6. # cd certpatch
7. # bash certificate_update.sh
* IF any issues persist plesae go to web admin console > monitoring > click stop on the server and then start.
Ensure to backup server config and events before performing these activity.
Regards,
Raghav.
07-24-2018 12:53 AM
We haven't active service contracts for download this script.
Can you do it public?
07-26-2018 01:10 PM
07-27-2018 11:28 AM - edited 07-27-2018 11:28 AM
Thank you, this was helpful and I believe it worked. What is the best way to verify this was successful? Is there a way to view the updated SSL certificate in the CLI or in the web interface?
07-27-2018 01:50 PM
07-27-2018 02:18 PM
The patch should restart services for you. If you're having any issues, please start and stop services from the web interface
07-28-2018 06:10 PM
07-27-2018 02:17 PM
07-28-2018 06:09 PM
Thank you, the patch worked.
08-20-2018 01:40 AM
Hi, I tried download with my account and getting below error.
08-06-2023 08:40 AM
Hello guys,
I need the firmware for cpam gateway and it is no longer available on Cisco,
ciac-gw-sw-k9-1.5.3_0.3.6.bin - appreciate if you can support
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: