Cisco Unified MeetingPlace, Release 7.0 -- Error Messages for Application Server SSL

From DocWiki

Jump to: navigation, search

Main page: Cisco Unified MeetingPlace, Release 7.0

Up one level: Troubleshooting



This topic lists error messages that may appear in the Administration Center.


Error Message: Unparseable certificate extensions: 2 [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false Unparseable AuthorityInfoAccess extension due to java.io.IOException: invalid URI name:file:// \\SAMPLE.string.com\CertEnroll\SAMPLE.string.com

Explanation: Java.net.URL does not handle UNC paths well, "file://\\" is not a valid URI due to the inclusion of '\\' characters as defined by RFC 2396.

Recommended Action: Sign the certificate without the URL that includes the UNC path.



Error Message: The uploaded certificate does not match any private key on disk. SSL cannot be enabled.

Recommended Action: Make sure that you are uploading the correct certificate. If necessary, obtain a new certificate, private key, and password.



Error Message: A certificate was not found in the uploaded file.

Explanation: There was an error parsing the certificate.

Recommended Action: Make sure that you are uploading the correct file. If the file is correct, it may have an unsupported format.



Error Message: Unable to recover the private key. Is the password correct?

Recommended Action: Make sure that you enter the correct password. If the password is correct, the private key file might be corrupted or have an unsupported format.



Error Message: Unable to locate a private key on disk. SSL cannot be enabled. You may need to generate a new CSR and obtain a new certificate.

Recommended Action: Generate a CSR and obtain a new certificate. If you created your own certificate, private key, and password, make sure that you enter all three items at the same time on the Enable SSL Page.



Error Message: The certificate you are trying to upload expired on <expiration-time>. The system time is now <system-time>. Cannot enable SSL.

Recommended Action: Check that the system time is correct. If necessary, obtain a new certificate.



Error Message: The certificate you are trying to upload is not yet valid. It will be valid from <valid-start-time>. The system time is now <system-time>.

Recommended Action: Check that the system time is correct, or wait until the certificate becomes valid.



Error Message: A CSR already exists. Generating a new CSR will make any certificate you have obtained for the existing CSR unusable. Please make sure you want to do this.

Recommended Action: You may ignore this message if you are replacing the certificate, private key, and password, or if you did not obtain a certificate for the previously generated CSR. Otherwise, click Cancel and do not generate a new CSR.



Error Message: Failed to generate CSR. Please try again.

Explanation: You entered invalid characters in the Generate Certificate Signing Request (CSR) Page if you see an exception in root.out with one of the following messages:

  • Improperly specified input name
  • Directory string too small
  • Incorrect ava format

Recommended Action: Avoid any special characters, and see Generating a Certificate Signing Request.



Error Message: Could not parse SSL certificate for Administration Center.

Explanation: The certificate file in the backup archive may be corrupt.

Recommended Action: Make sure that you specify the correct file.



Error Message: This is not a valid SSL configuration archive.

Explanation: You uploaded a backup archive, but it could not be read because it was corrupt or did not contain the expected files.

Recommended Action: Make sure that you specify the correct file.



Error Message: Unable to create backup archive.

Recommended Action: Manually back up the SSL configuration by saving the following files:

/usr/local/enrollment/certs/keystore (The keystore file contains the certificate and private key.)

/usr/local/enrollment/<hostname>_req.csr (This is the certificate signing request (CSR).)

/usr/local/enrollment/webCsr.xml (The webCsr.xml file contains the keystore password.)


To restore SSL from a manual backup:

  1. Manually copy the backed up files to the original directories.
  2. Go to the Enable SSL Page, which should indicate that the system found a valid certificate.
  3. Click OK to the prompt that asks if you want to reuse the system-found certificate to enable SSL.


If the system does not find the valid certificate, then do the following:

  1. Go to the Enable SSL Page.
  2. Upload the keystore file as both the Certificate file and the Private key file.
  3. Enter the password from the webCsr.xml file.


The password is the value between the <Password></Password> tags in this element path: EnrollmentClient/Certificates/Keystore/MapStore/Password

Note: There are multiple sets of <Password></Password> tags in the XML file. Make sure you get the password from the specified element path.


Related Topics

Rating: 0.0/5 (0 votes cast)

Personal tools