Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2065
Views
10
Helpful
10
Replies

Adding a new registration certificate fails

Go to solution
dganta
Level 1
Level 1

‎04-02-2019 08:45 AM

My CSPC data is not getting uploaded in to SNTC though we have registered the entitlement certificate. Considering the server hostname and the CSPC name shouls be same we generated a new  registration certification however that is not getting uploaded in the CSPC as it gives error unable to read the contents.

 

> When I am trying to upload the data following error is displayed:

CSP0009038900:A connectivity exception occurred while processing the request. The exception is :: HTTPs transport mode has failed peer not authenticated.

We have checked that all the ports are opened so we are considering this might be a certificate issue however we are not able to register the certificate. Can you please let us know how the new certificate registration can succeed.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jofrumki
Cisco Employee
Cisco Employee
In response to dganta

‎04-15-2019 10:30 AM

Thank you for the update. At this time please login to the CSPC CLI as collectorlogin and then su to root. From there please execute the command 'service concsotgw restart' and attempt a new upload.

View solution in original post

10 Replies 10

Go to solution
jofrumki
Cisco Employee
Cisco Employee

‎04-02-2019 09:20 AM

Can you provide the current running version of the CSPC? (Help-->About-->View Versions)

Also, is this CSPC required to go through a proxy to reach the internet? Is there an SSL intercept action being taken for outgoing HTTPs traffic?

Thank you

0 Helpful

Go to solution
dganta
Level 1
Level 1
In response to jofrumki

‎04-02-2019 09:43 AM

Thanks for the response.

 

The version is 2.8 and the patch installed is the latest 2.8.1.2.  There is no proxy involved here the SSL inspection is enabled but is in detect mode. Will this still impact the upload. Please clarify

0 Helpful

Go to solution
jofrumki
Cisco Employee
Cisco Employee
In response to dganta

‎04-02-2019 10:01 AM

The SSL inspection will break the certificate chain the CSPC uses to upload via HTTPs to Cisco. You can confirm this from the CLI using the command below while logged in as root;

openssl s_client -connect concsoweb-prd.cisco.com:443

 

The expected output should look like this;

[root@localhost ~]# openssl s_client -connect concsoweb-prd.cisco.com:443
CONNECTED(00000003)
depth=2 C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/C=US/ST=CA/L=San Jose/O=Cisco Systems, Inc./CN=concsoweb-prd.cisco.com
i:/C=US/O=HydrantID (Avalanche Cloud Corporation)/CN=HydrantID SSL ICA G2
1 s:/C=US/O=HydrantID (Avalanche Cloud Corporation)/CN=HydrantID SSL ICA G2
i:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
2 s:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
i:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
---

0 Helpful

Go to solution
dganta
Level 1
Level 1
In response to jofrumki

‎04-15-2019 07:44 AM

@jofrumki thanks for the response I have tried after removing the exception and it works as mentioned below, however the upload was not successful when I checked I saw that it is also trying to communicate with natkit-upload.cisco.com, though not sure whether this is the source of the problem or the certificate is the source of the problem. However when I am trying to generate a new certifcicate from smart service and assign it to the CSPC tool it fails saying unable to read the contents of the registration certificate file

0 Helpful

Go to solution
jofrumki
Cisco Employee
Cisco Employee
In response to dganta

‎04-15-2019 09:05 AM

Can you provide screenshots of the error seen while uploading as well as the error while attempting to use the new certificate?

0 Helpful

Go to solution
dganta
Level 1
Level 1
In response to jofrumki

‎04-15-2019 09:18 AM

Please see the screen shots below

 

Preview file
81 KB
0 Helpful

Go to solution
dganta
Level 1
Level 1
In response to dganta

‎04-15-2019 09:20 AM

Attaching Zip file for all the screenshots

CSPCuploadfail.zip
0 Helpful

Go to solution
jofrumki
Cisco Employee
Cisco Employee
In response to dganta

‎04-15-2019 10:30 AM

Thank you for the update. At this time please login to the CSPC CLI as collectorlogin and then su to root. From there please execute the command 'service concsotgw restart' and attempt a new upload.

Go to solution
dganta
Level 1
Level 1
In response to jofrumki

‎04-17-2019 02:30 PM

@jofrumki restaring the service fixed the issue. Thanks for your help

Go to solution
dganta
Level 1
Level 1
In response to jofrumki

‎04-15-2019 07:44 AM

@jofrumki thanks for the response I have tried after removing the exception and it works as mentioned below, however the upload was not successful when I checked I saw that it is also trying to communicate with natkit-upload.cisco.com, though not sure whether this is the source of the problem or the certificate is the source of the problem. However when I am trying to generate a new certifcicate from smart service and assign it to the CSPC tool it fails saying unable to read the contents of the registration certificate file

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents