Cisco Bug: CSCvv68075 - DRF Restore fails when using FIPS and CA signed IPSec certificates.
Sep 16, 2020
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
Symptom: Cannot perform a restore if FIPS is enabled and IPSEC policy is enabled with CA signed certificates. (IPSec, Tomcat, CCM) Errors observed in the logs: ERROR [NetServerWorker-10.0.1.151] - drfNetServerWorker.run: IOException caught: java.net.SocketException: Socket closed Error, intra-cluster communication is broken, unable to connect to.. ERROR [NetServerClient-pub] - NetworkServerClient::Send failure javax.net.ssl.SSLException: Certificate not verified. Caused by: com.rsa.sslj.x.aK: Certificate not verified. Caused by: java.security.cert.CertificateException: the certificate chain is not trusted, Could not validate path. INFO [drfLocalRegMonitorThread] - drfLocalWorker.isLAConnected(): Unable to contact server. Master or Local Agent could be down Conditions: Cluster is in FIPS mode and IPSEC policies are configured between the nodes.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases