04-11-2023 06:51 AM
I am running a 2-node v12.5.1.15900-5 IM&P set up.
CUP Certificates are CA-Signed and set to expire on 5/19/23 (generating new ones early as I had several CA-Signed IPSEC certs expiring on 4/21 so I wanted to group them all together)
I generated CSRs for both Pub and Sub servers
Pulled down CA-Signed certificates and the Root/Sub CA Certificates
Installed root and Sub CA certs as cup-trust certs
Uploaded Pub Cert successfully
Sub Cert failed to upload with “Failed to perform the operation”. WHAT??
Things I have tried with no success:
-Regenerated new CSR and new Certificate
-Rebooted Sub
-Restarted SIP proxy service and Presence Engine on both servers
Before I open a TAC Case on this, I figured I would reach out and see if there was anything else I can check.
Where would I look in RTMT Logs to see what this generic error means?
04-11-2023 07:14 AM
I found in the Audit Logs:
14:26:08.147 |LogMessage --snip-- EventStatus : Failure --snip-- AuditDetails : Upload Certificate with Certificate Purpose=cup Description=Self-signed certificate FileName=CUP.cer failed App ID: Cisco Tomcat Cluster ID: Node ID: SubCUP.server
14:26:08.187 |LogMessage --snip-- EventStatus : Failure --snip-- AuditDetails : Upload certificate cup failed. App ID: Cisco Tomcat Cluster ID: Node ID: SubCUP.server
15:57:06.070 |LogMessage --snip-- EventStatus : Success --snip-- AuditDetails : Generate Certificate Signing Request with Common Name=SubCUP.server Certificate Purpose=cup Distribution=This-server Parent Domain=area52.afnoapps.usaf.mil,SubCUP.server Key Length=2048 Hash Algorithm=SHA256 successful App ID: Cisco Tomcat Cluster ID: Node ID: SubCUP.server
15:57:27.855 |LogMessage --snip-- EventStatus : Success --snip-- AuditDetails : Download certificate cup. App ID: Cisco Tomcat Cluster ID: Node ID: SubCUP.server
16:06:36.607 |LogMessage --snip-- EventStatus : Failure --snip-- AuditDetails : Upload Certificate with Certificate Purpose=cup Description=Self-signed certificate FileName=CUP.cer failed App ID: Cisco Tomcat Cluster ID: Node ID: SubCUP.server
16:06:36.608 |LogMessage --snip-- EventStatus : Failure --snip-- AuditDetails : Upload certificate cup failed. App ID: Cisco Tomcat Cluster ID: Node ID: SubCUP.server
09:43:22.656 |LogMessage --snip-- EventStatus : Failure --snip-- AuditDetails : Upload Certificate with Certificate Purpose=cup Description=Self-signed certificate FileName=CUP.cer failed App ID: Cisco Tomcat Cluster ID: Node ID: SubCUP.server
09:43:22.695 |LogMessage --snip-- EventStatus : Failure --snip-- AuditDetails : Upload certificate cup failed. App ID: Cisco Tomcat Cluster ID: Node ID: SubCUP.server
09:53:24.529 |LogMessage --snip-- EventStatus : Failure --snip-- AuditDetails : Upload Certificate with Certificate Purpose=cup Description=Self-signed certificate FileName=CUP.cer failed App ID: Cisco Tomcat Cluster ID: Node ID: SubCUP.server
09:53:24.532 |LogMessage --snip-- EventStatus : Failure --snip-- AuditDetails : Upload certificate cup failed. App ID: Cisco Tomcat Cluster ID: Node ID: SubCUP.server
It seems to be trying to upload the certificate as Self-Signed?
01-25-2024 01:15 PM
From my experience I was able to work this issue out between myself and one of my colleagues. In case you encounter an upload failure to Tomcat, it is necessary to upload the signing CA and Root certificates to the "tomcat-trust" for successful uploading of the .pem file to the “tomcate”. Work with your certification authority (CA) provider to furnish you with the CA and Root certificates.
Navigate to the Operating System Administration by selecting "Navigation" in the upper right-hand corner. Proceed to the "Security" tab, and from the dropdown menu, select "Certificate Manager." This action will direct you to the Certificate list, where all your certificates are displayed.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide