Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

expired server.crt

tonidd

Technical User
Jul 12, 2019
2
US
Good morning all. I am having issues saving translations to my CSS server. I noticed that Server and Application certificates, "server.crt" has expired and I not too sure
how to get it updated. I am running CM 6.0 I know that my main server is not saving translations and not updating the other servers.

Any information to help me with this issue would be greatly appreciate!

Thank you in advance
 

CM6.X: Translation-data is not synchronized by "save translation all” to duplex-server, ESS, and LSP.​


Details​

Main CM / LSP / ESS 6.x
System Platform 6.x.

Problem Clarification​

When you run "save translations" from the main server, it will not save to duplex-server, ESS, and LSP.

ECS log indicated that certificate verify failed and expired.

20220302:212902027:678896:filesyncd(5963):HIGH:[ERROR: ssl_read: SSL_read failed: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]
20220302:212902027:678897:filesyncd(5963):HIGH:[ERROR: start_tlv: SSL negotiations must have failed.]
20220302:212902027:678898:filesyncd(5963):HIGH:[ERROR: failed to start initial TLV exchanges]
20220302:212902027:678899:filesyncd(5963):HIGH:[ERROR: client_mgr-2: filesync api failed for host 192.11.13.14]
20220302:212902354:678900:filesyncd(5963):HIGH:[ERROR: ssl_read: SSL_read failed: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]
20220302:212902354:678901:filesyncd(5963):HIGH:[ERROR: start_tlv: SSL negotiations must have failed.]
20220302:212902354:678902:filesyncd(5963):HIGH:[ERROR: failed to start initial TLV exchanges]
20220302:212902354:678903:filesyncd(5963):HIGH:[ERROR: client_mgr-2: filesync api failed for host 10.3.119.21]
20220302:212902923:678904:filesyncd(5963):HIGH:[ERROR: ssl_read: SSL_read failed: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired]
20220302:212902923:678905:filesyncd(5963):HIGH:[ERROR: start_tlv: SSL negotiations must have failed.]
20220302:212902923:678906:filesyncd(5963):HIGH:[ERROR: failed to start initial TLV exchanges]
20220302:212902923:678907:filesyncd(5963):HIGH:[ERROR: client_mgr-2: filesync api failed for host 10.3.108.17]

Cause​

To view the certificate and check the validity of the certificate.

dadmin@pbx2-primary1-cm> openssl x509 -in /etc/opt/ecs/certs/cm/ID/server.crt -t ext -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 625560 (0x98b98)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Avaya Inc., OU=CSD RFA, CN=RFA Production CA 3
Validity
Not Before: Feb 21 11:50:37 2012 GMT
Not After : Feb 21 11:50:37 2022 GMT
Subject: C=US, O=Avaya Inc., OU=Communication Manager, CN=myhost.mydomain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption

The certificates of servers expired and we need reinstall certificate again.

Solution​

The certificate is in License file prior to CM5, and AFS authentication in CM6.

For duplicated pair configurations, you must install the same authentication file on both the active server and standby server. The system does not automatically synchronize the
authentication file from active server to standby server.

Each survivable server must have its own unique authentication file.

The authentication files are loaded from the system platform Web Console of each servers and will be pushed to CM.

If VSP can't push authentication files to CM, you may install it manually on CM.
1) Upload the authentication file to /var/home/ftp/pub folder on CM
2) Run "loadpwd AF-<>.xml -f" to install it manually.
 

Part and Inventory Search

Sponsor

Back
Top