Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Mobile and Remote Access VCS-C AXL Error

Hi Community!

I tried to enable Mobile and Remote Access, but I'm having a issue with adding the IM&P Servers. If I want to discover the IM&P servers, the VCS fails when reading some internal root certificates. 

That's the AXL Request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/8.0"> <soapenv:Header/> <soapenv:Body> <ns:getCertificates sequence="?"> <userid>admin</userid> <component>SERVICE_ESP</component> </ns:getCertificates> </soapenv:Body> </soapenv:Envelope>

That's the response:

management UTCTime="2014-02-03 15:54:18,53" Module="network.axl" Level="DEBUG" Action="Received" URL="https://cupsserver.internal:8443/axl/" Function="getCertificates" Status="500" Content=" <?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode><faultstring>/usr/local/sip/.security/cert_cache/SERVICE_ESP/RootCA.pem (No such file or directory)</faultstring><detail><axlError><axlcode>-1</axlcode><axlmessage>/usr/local/sip/.security/cert_cache/SERVICE_ESP/RootCA.pem (No such file or directory)</axlmessage><request>getCertificates</request></axlError></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope> "

The certificate file is our internal root CA. The internal certificates on VCS-C, CUCM and CUPS are issued from this CA. The ca certificate is added to all *-trust stores on the CUP and CUCM.

Any ideas, why this certificate can't be loaded from the IM&P server?


Regards,
Paul        

Regards, Paul
9 REPLIES

Mobile and Remote Access VCS-C AXL Error

Did not look that much into it in general, but sounds to me that the rootca does not exist on the server which you connect to.

sure that all is generated and uploaded fine?

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

Community Member

Mobile and Remote Access VCS-C AXL Error

The root certificate is there, why else should it try to be loaded?

The file name is not rootca.pem, but the real file name of our root ca. So it is not just some file which includes some cas, but exactly the file for our root ca.


Regards,
Paul

Regards, Paul
Community Member

Mobile and Remote Access VCS-C AXL Error

Hi Paul, I have a TAC case open on this.  Did you ever come up with a solution for this?

Community Member

Hi,has this ever been solved?

Hi,

has this ever been solved? I've the same issue with VCS-C X8.2.2 and IM&P 10.5.1

 

Thanks

Oliver

Community Member

Hi Oliver,this was an issue

Hi Oliver,

this was an issue with IM&P 9. Did you upgrade to IMP&P 10.5 ?

If so, you can try to recreate your certificates. 

Regards, Paul
Community Member

Hi Paul,yes IM&P was upgraded

Hi Paul,

yes IM&P was upgraded to 10.5.1. VCS-C was freshly installed after IM&P upgrade. In IM&P node I see the following exeption when AXL request is generated from VCS:

java.io.FileNotFoundException: /usr/local/sip/.security/cert_cache/SERVICE_ESP/jns_Root_Certificate_Authority.pem (No such file or directory)

I already re-uploaded root cert, but the error stays

 

Community Member

Hi Oliver,the issue is on the

Hi Oliver,

the issue is on the IM&P side. If you recreate the IM&P certificates, this might fix your issue. 

Alternatively you can open a TAC case. The TAC engineer can get root access to you IM&P and fix that issue. There is also a bug for that, but I do not have the ID.

Regards, Paul
Community Member

ok, I already tried to re

ok, I already tried to re-upload all trust-certs in IM&P which didn't change the behavior. Know I deleted those root certs and uploaded again.....and voila: works now.

Thank you very much, this did the trick!

Hello eveybody,I had same

Hello eveybody,

I had same issue with IM&P ver 10.5.1.10000-9, I apply certificates from Microsoft CA Server and then when I wanted to add IM&P to Expressway-C 8.2.1 I received the same error.

I only update the IM&P software to 10.5.1.13900-2 then I could add CUP to Expressway-C.

Regards.

4295
Views
0
Helpful
9
Replies
CreatePlease to create content