Certgroup file used for serverauth is not valid (Error 1094)

Unanswered Question
Sep 18th, 2009

I am configuring a content engine as an HTTPS server. I've successfully imported the server certificates, intermediate a ca certificates, and the key file. These were all given to me by the server administrator.

I created a chain group linking the server, intermediate, and ca certs. When I tried to apply and enable the HTTPS server I receive the error message:


/cfg/gl/cache/https/server/CEP/enable: Certgroup file used for serverauth is not valid (Error 1094)

I was unable to find this message on any Cisco documentation. Anyone come across this or can assist in suggesting how I can verify my process. thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sachinga.hcl Sat, 09/19/2009 - 12:55

Hi Jeffrey ,

Can you please tell which version of ACNS you are using,is it 5.1.13 or something else and what commands u r running to perform this activity so that i can figure out something more in your scenario.

Is it locally managed CE or globally managed CE.

Kindly answer the above questions so that i can try to find the exact knd of error.

In your scenario it is seeming that the Content Engine does not push the certificate to the client browser and an error is displayed indicating that the certificate has expired.

This problem can occur in situations such as the following:

ContentEngine(config)# https server testcer certgroup chain verisign

ContentEngine(config)# https server testcer certgroup serverauth verisign

ContentEngine(config)# https server testcer key siebel

ContentEngine(config)# https server testcer host

ContentEngine(config)# https server testcer enable


Certgroup file used for serverauth is not


Are you using the above kind of commands or some other command to complee your actvity , please share with me.

The problem is that the SSL standard states that the server will make the whole authentication chain available if the client has an expired root or intermediate certificate.

This is not a problem as long as the browser has unexpired( kindly noteI have said unexired) intermediate and root certificates for Verisign orsome other vendor you r usng as in the example abov the certificate vendor is verisign(it may be different in your case).

You can Load an active intermediate certificate in the browser as a workaround for this.

Hope it will work. If it does not work kindly revert.

Sachin Garg


This Discussion