Guest

Preview Tool

Cisco Bug: CSCuj97487 - Misleading exception in logs during upload of signed tomcat certificate

Last Modified

Oct 12, 2016

Products (4)

  • Cisco Unified Communications Manager IM & Presence Service
  • Cisco Unified Communications Manager IM and Presence Service Version 10.5
  • Cisco Unified Communications Manager IM and Presence Service Version 10.0
  • Cisco Unified Presence Version 8.6

Known Affected Releases

10.0(1) 10.5(1) 8.6(5) 9.1(2)

Description (partial)

Symptom:
When uploading a signed tomcat certificate the following error appears in the certMgmt logs:
2013-10-08 09:23:53,973 ERROR [main] - CA certificate KeyUsage extension does not contain 'Certificate Sign' flag
com.cisco.cpi.certMgmt.CertMgrException: CA certificate KeyUsage extension does not contain 'Certificate Sign' flag
	at com.cisco.cpi.certMgmt.manager.DefaultCertMgr.validateCACert(DefaultCertMgr.java:926)
	at com.cisco.cpi.certMgmt.manager.TomcatCertMgr.importOwnCert(TomcatCertMgr.java:104)
	at com.cisco.cpi.certMgmt.manager.DefaultCertMgr.importCert(DefaultCertMgr.java:324)
	at com.cisco.cpi.certMgmt.CertMgr.doOp(CertMgr.java:225)
	at com.cisco.cpi.certMgmt.CertMgr.mainInternal(CertMgr.java:192)
	at com.cisco.cpi.certMgmt.CertMgr.main(CertMgr.java:206)

This is not exposed to the end user but will be seen if a support team are reviewing the logs after certificate signing.

Conditions:
Upload a CA signed tomcat certificate to a CUP node
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.