Preview Tool

Cisco Bug: CSCvi93445 - Smart Call Home fails because certificates are not in CUCM cert trust store

Last Modified

Jun 05, 2018

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases


Description (partial)

"HTTPS Connection ERROR: Please check DNS configuration for Smart Call Home server. If DNS is set correctly, check if a valid Smart Call Home server certificate is present in the tomcat's trust-store.. Call Home Configuration saved successfully"

The error above is the error we see in the GUI when trying to setup smart call home and the error below is the error we see in the logs on CUCM.

2018-03-28 11:23:56,778 ERROR [http-bio-443-exec-48854] controller.SCHTrustManager - checkServerTrusted: Certificate not found in the keystore : the certificate chain is not trusted, Could not validate path.

When you check CUCM cert management in OS Admin we see a cert with subject name "Symantec Class 3 Secure Server CA - G3"; however, in a pcap I can see "Symantec Class 3 Secure Server CA - G4" signed the certificate for The difference is the trailing G3 versus G4.

This bug is a request to add "Symantec Class 3 Secure Server CA - G4" to newer versions of CUCM or even better, add the root certficate whish is "VeriSign Class 3 Public Primary Certification Authority - G5".

Enabling Smart Call Home (SCH) with HTTPS and you don't see a certificate with "Symantec Class 3 Secure Server CA - G4" as the subject name on  the system.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.