[cisco-voip] IM&P - services reported in unknown state after SAN cert install
Ryan Huff
ryanhuff at outlook.com
Mon Mar 14 15:44:38 EDT 2016
Correct; tomcat-trust is the trust store where the trusted CA chain goes and then the server certificate goes in the tomcat category.
Afterwards; you should only need a restart of tomcat services. However, if the nodes are having issues trusting one another within the cluster (assuming that your issue is a cert trust issue); left that way long enough will likely start to cause replication issues within the cluster.
After you resolve the issue, I would verify db replication is healthy.
Sent from my iPhone
On Mar 14, 2016, at 3:38 PM, Erick Wellnitz <ewellnitzvoip at gmail.com<mailto:ewellnitzvoip at gmail.com>> wrote:
I did that as well but I'm not 100% sure if the entire Root CA chain got installed. I'll check that.
What made me try inserting the multi-server SAN into the tomcat-trust is that the IM&P entries for tomcat-trust have vanished. Maybe I'm mis-remembering seeing them there in the first place.
On Mon, Mar 14, 2016 at 12:54 PM, Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:avholloway+cisco-voip at gmail.com>> wrote:
Just to clarify, your Multi-Server SAN cert should be installed to Tomcat and not Tomcat Trust. The signing CA cert should go in Tomcat Trust. Is that what you meant to say you did?
On Mon, Mar 14, 2016 at 1:47 PM, Erick Wellnitz <ewellnitzvoip at gmail.com<mailto:ewellnitzvoip at gmail.com>> wrote:
I have a strange issue with CUCM 11.0.1 and IM&P 11.0.1
We installed the multi-server SAN cert for tomcat and now the IM&P data monitor service is in an unknown state according to the system troubleshooter.
The SAN cert is installed to tomcat-trust so it shouldn't be a cert issue. Done service restarts, reboots and nothing seems to resolve this.
Anyone seen something like this before?
Thanks in advance!
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20160314/d3f03b3e/attachment.html>
More information about the cisco-voip
mailing list