Guest

Preview Tool

Cisco Bug: CSCul16038 - Tomcat cert with multiple critical extensions set to true not supported

Last Modified

Feb 01, 2017

Products (1)

  • Cisco Unified Communications Manager IM & Presence Service

Known Affected Releases

9.1(1.1)

Description (partial)

Symptom:
The Instance Messaging and Presence Administration GUI System Topology  page reports that all service status are 'UNKNOWN'. The Bulk Administration feature may also not execute bulk admin jobs in a multi-node environment.

Conditions:
The issue can occur in cases where the Instance Messaging and Presence tomcat component certificate is CA signed and the tomcat cert contains multiple extensions with the critical flag set to true.

Instance Messaging and Presence requires the following:
If one critical extension in the tomcat certificate is sent to true, it must be either A or B otherwise the certificate is rejected
If two critical extensions in the tomcat certificate are sent to true, they must be A and B otherwise the certificate is rejected

A) Subject may act as a CA (oid = 2.5.29.19)
B) KeyUsage (oid = 2.5.29.15 )
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.