Cisco Bug: CSCvi93445 - Smart Call Home fails because tools.cisco.com certificates are not in CUCM cert trust store
Jun 05, 2018
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
Symptom:

"HTTPS Connection ERROR: Please check DNS configuration for Smart Call Home server. If DNS is set correctly, check if a valid Smart Call Home server certificate is present in the tomcat's trust-store.. Call Home Configuration saved successfully"

The error above is what we see in the GUI when trying to set up Smart Call Home. The error below is what we see in the logs on CUCM:

2018-03-28 11:23:56,778 ERROR [http-bio-443-exec-48854] controller.SCHTrustManager - checkServerTrusted: tools.cisco.com Certificate not found in the keystore : the certificate chain is not trusted, Could not validate path.

When we check CUCM certificate management in OS Admin, we see a certificate with the subject name "Symantec Class 3 Secure Server CA - G3"; however, in a pcap I can see that "Symantec Class 3 Secure Server CA - G4" signed the certificate for tools.cisco.com. The difference is the trailing G3 versus G4, so the trust store holds no certificate that matches the issuer of the server certificate and path validation fails.

This bug is a request to add "Symantec Class 3 Secure Server CA - G4" to newer versions of CUCM or, even better, to add the root certificate, which is "VeriSign Class 3 Public Primary Certification Authority - G5".

Conditions: Smart Call Home (SCH) is enabled with HTTPS and no certificate with "Symantec Class 3 Secure Server CA - G4" as the subject name is present on the system.
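The G3 versus G4 mismatch described above can be confirmed from any host with OpenSSL by comparing the names in the chain the server presents against the subject names in the trust store. The following is an added example, not Cisco code: the `s_client` text is a constructed sample using the names quoted in this bug, and `parse_chain` and `diagnose` are hypothetical helpers that match on names only and do not verify signatures.

```python
import re

# Constructed sample of the "Certificate chain" section printed by
# `openssl s_client -connect <host>:443 -showcerts`. The names are the ones
# quoted in the bug text; the layout is illustrative.
SAMPLE_S_CLIENT = """\
Certificate chain
 0 s:/CN=tools.cisco.com
   i:/CN=Symantec Class 3 Secure Server CA - G4
 1 s:/CN=Symantec Class 3 Secure Server CA - G4
   i:/CN=VeriSign Class 3 Public Primary Certification Authority - G5
"""

# Subject name the bug reports seeing in OS Admin certificate management.
TRUST_STORE = {"Symantec Class 3 Secure Server CA - G3"}

_CN = re.compile(r"CN\s*=\s*([^/,\n]+)")
_LINE = re.compile(r"^\s*(?:\d+\s+)?([si]):(.*)$")

def parse_chain(text):
    """Return [(subject_cn, issuer_cn), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        m = _LINE.match(line)
        cn = _CN.search(m.group(2)) if m else None
        if not cn:
            continue
        if m.group(1) == "s":
            subject = cn.group(1).strip()
        elif subject is not None:
            chain.append((subject, cn.group(1).strip()))
            subject = None
    return chain

def diagnose(chain, trust_store):
    """Name-only path check: return (anchor, ca_names_to_import)."""
    candidates = []
    for subject, issuer in chain:
        for name in (subject, issuer):
            if name in trust_store:
                return name, []          # a trust anchor exists for this chain
            if name not in candidates:
                candidates.append(name)
    # No anchor found. The first name is the leaf itself; the bug asks for a
    # CA certificate, so only the intermediate and root are reported.
    return None, candidates[1:]
```

With the trust store as described in the bug, `diagnose(parse_chain(SAMPLE_S_CLIENT), TRUST_STORE)` finds no anchor and reports the G4 intermediate and the G5 root as the names whose certificates would complete the path.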