Certgroup file used for serverauth is not valid (Error 1094)

axa-wongjeff
Level 1

I am configuring a content engine as an HTTPS server. I've successfully imported the server certificates, intermediate and CA certificates, and the key file. These were all given to me by the server administrator.

I created a chain group linking the server, intermediate, and CA certs. When I tried to apply and enable the HTTPS server, I received the error message:

Agency-CEa(config-https)#enable

/cfg/gl/cache/https/server/CEP/enable: Certgroup file used for serverauth is not valid (Error 1094)

I was unable to find this message in any Cisco documentation. Has anyone come across this, or can anyone assist in suggesting how I can verify my process? Thanks.


sachinga.hcl
Level 4

Hi Jeffrey,

Can you please tell me which version of ACNS you are using (is it 5.1.13 or something else?) and what commands you are running to perform this activity, so that I can figure out something more about your scenario?

Is it a locally managed CE or a globally managed CE?

Kindly answer the above questions so that I can try to find the exact kind of error.

In your scenario it seems that the Content Engine does not push the certificate to the client browser and an error is displayed indicating that the certificate has expired.

This problem can occur in situations such as the following:

ContentEngine(config)# https server testcer certgroup chain verisign

ContentEngine(config)# https server testcer certgroup serverauth verisign

ContentEngine(config)# https server testcer key siebel

ContentEngine(config)# https server testcer host 209.165.201.128

ContentEngine(config)# https server testcer enable

/cfg/gl/cache/https/server/tsiebel/enable: Certgroup file used for serverauth is not valid

Are you using the above kind of commands or some other command to complete your activity? Please share with me.

The problem is that the SSL standard states that the server will make the whole authentication chain available if the client has an expired root or intermediate certificate.

This is not a problem as long as the browser has unexpired (kindly note I have said unexpired) intermediate and root certificates for Verisign or some other vendor you are using; as in the example above, the certificate vendor is Verisign (it may be different in your case).

You can load an active intermediate certificate in the browser as a workaround for this.

Hope it will work. If it does not work kindly revert.

Sachin Garg
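
One way to verify the certificate files offline with OpenSSL before importing them, given as an added example that is not part of either post and is not a Cisco procedure. The function name `check_certgroup` and the four PEM file arguments are assumptions, the key is assumed to be an unencrypted PEM file, and the check does not reproduce the Content Engine's own validation behind Error 1094.

```shell
#!/bin/sh
# Added example: offline sanity check of the files that make up a certgroup.
# check_certgroup and the PEM file arguments are hypothetical names.
# Usage: check_certgroup SERVER.pem INTERMEDIATE.pem ROOT.pem SERVER.key
# Returns 0 if usable; 1 expired/unreadable cert, 2 broken intermediate,
# 3 server cert does not chain, 4 private key does not match.
check_certgroup() {
    server=$1; inter=$2; root=$3; key=$4

    # 1. Every certificate must parse and be unexpired right now.
    for c in "$server" "$inter" "$root"; do
        if ! openssl x509 -in "$c" -noout -checkend 0 >/dev/null 2>&1; then
            echo "expired or unreadable certificate: $c" >&2
            return 1
        fi
    done

    # 2. The intermediate must be signed by the root.
    if ! openssl verify -CAfile "$root" "$inter" >/dev/null 2>&1; then
        echo "intermediate does not verify against root" >&2
        return 2
    fi

    # 3. The server certificate must chain through the intermediate to the root.
    if ! openssl verify -CAfile "$root" -untrusted "$inter" "$server" >/dev/null 2>&1; then
        echo "server certificate does not chain to root" >&2
        return 3
    fi

    # 4. The key file must hold the private half of the server certificate's key.
    cert_pub=$(openssl x509 -in "$server" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match server certificate" >&2
        return 4
    fi
    return 0
}

# Run directly when called with the four file arguments.
if [ "$#" -eq 4 ]; then
    check_certgroup "$@"
fi
```

The distinct return codes show which file to go back to the server administrator about: an expired certificate, a wrong or missing intermediate, or a key that belongs to a different certificate.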