Cisco Bug: CSCvu92744 - regenerated cert is not trusted if CCX had multi-SAN cert before enabling FIPS

Last Modified

Oct 13, 2020

Products (1)

  • Cisco Unified Contact Center Express

Known Affected Releases

12.5(1)

Description (partial)

We are seeing an issue if the two nodes of an HA UCCX are signed by the CA as Multi SAN (both nodes present in the Common Name) and FIPS is enabled. We don't see this issue if the CA has signed individually for both nodes.

Once the self-signed certificates are generated when FIPS is enabled, they have to be copied into the trust-store for secure communication between different components in the box. This is not happening and we are seeing SSL issues.

Symptom:
The self-signed certificate generated after FIPS is enabled is not stored in the trust-store on the Publisher node, so the secure communication between the processes on the box fails.

5537: Jul 03 12:31:31.280 IST %MADM-REST_CLIENT-7-EXCEPTION:com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: the certificate chain is not trusted, Could not validate path.

Conditions:
When FIPS is enabled on an HA box where a Multi SAN CA-signed certificate exists.