04-02-2019 08:45 AM
My CSPC data is not getting uploaded in to SNTC though we have registered the entitlement certificate. Considering the server hostname and the CSPC name shouls be same we generated a new registration certification however that is not getting uploaded in the CSPC as it gives error unable to read the contents.
> When I am trying to upload the data following error is displayed:
CSP0009038900:A connectivity exception occurred while processing the request. The exception is :: HTTPs transport mode has failed peer not authenticated.
We have checked that all the ports are opened so we are considering this might be a certificate issue however we are not able to register the certificate. Can you please let us know how the new certificate registration can succeed.
Solved! Go to Solution.
04-15-2019 10:30 AM
Thank you for the update. At this time please login to the CSPC CLI as collectorlogin and then su to root. From there please execute the command 'service concsotgw restart' and attempt a new upload.
04-02-2019 09:20 AM
Can you provide the current running version of the CSPC? (Help-->About-->View Versions)
Also, is this CSPC required to go through a proxy to reach the internet? Is there an SSL intercept action being taken for outgoing HTTPs traffic?
Thank you
04-02-2019 09:43 AM
Thanks for the response.
The version is 2.8 and the patch installed is the latest 2.8.1.2. There is no proxy involved here the SSL inspection is enabled but is in detect mode. Will this still impact the upload. Please clarify
04-02-2019 10:01 AM
The SSL inspection will break the certificate chain the CSPC uses to upload via HTTPs to Cisco. You can confirm this from the CLI using the command below while logged in as root;
openssl s_client -connect concsoweb-prd.cisco.com:443
The expected output should look like this;
[root@localhost ~]# openssl s_client -connect concsoweb-prd.cisco.com:443
CONNECTED(00000003)
depth=2 C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/C=US/ST=CA/L=San Jose/O=Cisco Systems, Inc./CN=concsoweb-prd.cisco.com
i:/C=US/O=HydrantID (Avalanche Cloud Corporation)/CN=HydrantID SSL ICA G2
1 s:/C=US/O=HydrantID (Avalanche Cloud Corporation)/CN=HydrantID SSL ICA G2
i:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
2 s:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
i:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
---
04-15-2019 07:44 AM
@jofrumki thanks for the response I have tried after removing the exception and it works as mentioned below, however the upload was not successful when I checked I saw that it is also trying to communicate with natkit-upload.cisco.com, though not sure whether this is the source of the problem or the certificate is the source of the problem. However when I am trying to generate a new certifcicate from smart service and assign it to the CSPC tool it fails saying unable to read the contents of the registration certificate file
04-15-2019 09:05 AM
Can you provide screenshots of the error seen while uploading as well as the error while attempting to use the new certificate?
04-15-2019 09:18 AM
04-15-2019 09:20 AM
04-15-2019 10:30 AM
Thank you for the update. At this time please login to the CSPC CLI as collectorlogin and then su to root. From there please execute the command 'service concsotgw restart' and attempt a new upload.
04-17-2019 02:30 PM
@jofrumki restaring the service fixed the issue. Thanks for your help
04-15-2019 07:44 AM
@jofrumki thanks for the response I have tried after removing the exception and it works as mentioned below, however the upload was not successful when I checked I saw that it is also trying to communicate with natkit-upload.cisco.com, though not sure whether this is the source of the problem or the certificate is the source of the problem. However when I am trying to generate a new certifcicate from smart service and assign it to the CSPC tool it fails saying unable to read the contents of the registration certificate file
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide