Certgroup file used for serverauth is not valid (Error 1094)
I am configuring a content engine as an HTTPS server. I've successfully imported the server certificates, intermediate a ca certificates, and the key file. These were all given to me by the server administrator.
I created a chain group linking the server, intermediate, and ca certs. When I tried to apply and enable the HTTPS server I receive the error message:
/cfg/gl/cache/https/server/CEP/enable: Certgroup file used for serverauth is not valid (Error 1094)
I was unable to find this message on any Cisco documentation. Anyone come across this or can assist in suggesting how I can verify my process. thanks.
Re: Certgroup file used for serverauth is not valid (Error 1094)
Hi Jeffrey ,
Can you please tell which version of ACNS you are using,is it 5.1.13 or something else and what commands u r running to perform this activity so that i can figure out something more in your scenario.
Is it locally managed CE or globally managed CE.
Kindly answer the above questions so that i can try to find the exact knd of error.
In your scenario it is seeming that the Content Engine does not push the certificate to the client browser and an error is displayed indicating that the certificate has expired.
This problem can occur in situations such as the following:
ContentEngine(config)# https server testcer certgroup chain verisign
ContentEngine(config)# https server testcer certgroup serverauth verisign
ContentEngine(config)# https server testcer key siebel
ContentEngine(config)# https server testcer host 220.127.116.11
ContentEngine(config)# https server testcer enable
Certgroup file used for serverauth is not
Are you using the above kind of commands or some other command to complee your actvity , please share with me.
The problem is that the SSL standard states that the server will make the whole authentication chain available if the client has an expired root or intermediate certificate.
This is not a problem as long as the browser has unexpired( kindly noteI have said unexired) intermediate and root certificates for Verisign orsome other vendor you r usng as in the example abov the certificate vendor is verisign(it may be different in your case).
You can Load an active intermediate certificate in the browser as a workaround for this.
Hope it will work. If it does not work kindly revert.
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...