Cisco Support Community

New Member

SCA chained certs

I've got an older CSS-SCA-2FE-K9. We used to get our certs via VeriSign, and then switched to Entrust.

I've repeated this conversion process several times as our Verisign certs expired.

Whenever I've submitted a CSR, I always received a single file back containing the new cert. This time around, I actually received 2 files from Entrust. One is "xxxSSLCert.txt", the other is "xxxCrossCert.txt".

Not being familiar with anything "Cross" related, I applied the "SSLCert" file to my SCA, associated it and the corresponding key to my SSL server, and all appears to be fine.

I use the same cert for 3 environments (production, development, and test). I applied the new cert/key to both development and test. The development system works fine, but the Test system has stopped.

When I do a "show ssl sessions" on the SCA, I see the following:

For 'wasportaltest':

SSL New Accepts - Started (NAS): 5
SSL Reneg - Requested (RR): 0
SSL New Accept/Renegot - Finished (AF): 0
SSL v2 New Accepts - Started (V2AS): 0
SSL v2 New Accept/Renegot - Finished (V2AF): 0
SSL Session Lookup Misses (SLM): 0
Reuse Attempt on Timed Out Session (RATS): 0
Session Removed Due to Full Cache: (SRFC) 0
Session Reuse Actually Done (SRAD): 0


Sorry for the output formatting. But the only counter that increments is the first one. The folks testing the system tell me they see SSL Handshake errors.

I can't figure out why one system works, and the other does not when the only thing that changed was I pointed both SSL servers to the new cert/key pair. If there was an issue with the pair, I would expect some sort of error message.

Like I said, I've done this many times in the past with no problems. It's usually a pretty seamless process. The only different thing this time around is I received 2 certs in response to my CSR.

Anybody familiar with this situation? Maybe somebody could point me in a direction to resolve this...Certificate Groups?!?!?!



New Member

Re: SCA chained certs

Hope this Link Helps,



HP Enterprise Services