cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5395
Views
0
Helpful
9
Replies

Mobile and Remote Access VCS-C AXL Error

Paul Woelfel
Level 4
Level 4

Hi Community!

I tried to enable Mobile and Remote Access, but I'm having a issue with adding the IM&P Servers. If I want to discover the IM&P servers, the VCS fails when reading some internal root certificates. 

That's the AXL Request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/8.0"> <soapenv:Header/> <soapenv:Body> <ns:getCertificates sequence="?"> <userid>admin</userid> <component>SERVICE_ESP</component> </ns:getCertificates> </soapenv:Body> </soapenv:Envelope>

That's the response:

management UTCTime="2014-02-03 15:54:18,53" Module="network.axl" Level="DEBUG" Action="Received" URL="https://cupsserver.internal:8443/axl/" Function="getCertificates" Status="500" Content=" <?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode><faultstring>/usr/local/sip/.security/cert_cache/SERVICE_ESP/RootCA.pem (No such file or directory)</faultstring><detail><axlError><axlcode>-1</axlcode><axlmessage>/usr/local/sip/.security/cert_cache/SERVICE_ESP/RootCA.pem (No such file or directory)</axlmessage><request>getCertificates</request></axlError></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope> "

The certificate file is our internal root CA. The internal certificates on VCS-C, CUCM and CUPS are issued from this CA. The ca certificate is added to all *-trust stores on the CUP and CUCM.

Any ideas, why this certificate can't be loaded from the IM&P server?


Regards,
Paul        

Regards, Paul
9 Replies 9

Martin Koch
VIP Alumni
VIP Alumni

Did not look that much into it in general, but sounds to me that the rootca does not exist on the server which you connect to.

sure that all is generated and uploaded fine?

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

The root certificate is there, why else should it try to be loaded?

The file name is not rootca.pem, but the real file name of our root ca. So it is not just some file which includes some cas, but exactly the file for our root ca.


Regards,
Paul

Regards, Paul

Hi Paul, I have a TAC case open on this.  Did you ever come up with a solution for this?

Hi,

has this ever been solved? I've the same issue with VCS-C X8.2.2 and IM&P 10.5.1

 

Thanks

Oliver

Hi Oliver,

this was an issue with IM&P 9. Did you upgrade to IMP&P 10.5 ?

If so, you can try to recreate your certificates. 

Regards, Paul

Hi Paul,

yes IM&P was upgraded to 10.5.1. VCS-C was freshly installed after IM&P upgrade. In IM&P node I see the following exeption when AXL request is generated from VCS:

java.io.FileNotFoundException: /usr/local/sip/.security/cert_cache/SERVICE_ESP/jns_Root_Certificate_Authority.pem (No such file or directory)

I already re-uploaded root cert, but the error stays

 

Hi Oliver,

the issue is on the IM&P side. If you recreate the IM&P certificates, this might fix your issue. 

Alternatively you can open a TAC case. The TAC engineer can get root access to you IM&P and fix that issue. There is also a bug for that, but I do not have the ID.

Regards, Paul

ok, I already tried to re-upload all trust-certs in IM&P which didn't change the behavior. Know I deleted those root certs and uploaded again.....and voila: works now.

Thank you very much, this did the trick!

Hello eveybody,

I had same issue with IM&P ver 10.5.1.10000-9, I apply certificates from Microsoft CA Server and then when I wanted to add IM&P to Expressway-C 8.2.1 I received the same error.

I only update the IM&P software to 10.5.1.13900-2 then I could add CUP to Expressway-C.

Regards.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: