Introduction
This document describes how to troubleshoot a CUIC (Cisco Unified Intelligence Center) gadget in Cisco Finesse over HTTPS. This issue was found during gadget implementation.
Contributed by Sahar Modares, Cisco TAC Engineer.
Requirements
Cisco recommends that you have knowledge of these topics:
CUIC
Finesse
Components Used
CUIC 10.5
Finesse 11.0
Problem
A new CUIC gadget was created with this link in the Finesse admin layout:
<gadget>/3rdpartygadget/files/WebService/WebService.xml</gadget>
But it failed with this error message:
"HTTP Status 500 - javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"
Solution
HTTPS communication must be allowed between the Finesse gadget container and the third-party gadget site for loading the gadget and performing any API calls that the gadget makes to the third-party server.
The certificate must be signed with a common name. The gadget URL in the desktop layout must use the same name (whether it uses an IP address or a fully qualified domain name) as the name with which the certificate is signed. If the certificate name and the name in the gadget URL do not match, the connection is not trusted and the gadget does not load.
To find the certificate name, enter the gadget URL in your browser. Click the lock icon in the address bar and then click View Details. Look for the common name field.
The Finesse host must be able to resolve this name using the DNS host that was entered during installation. To verify that Finesse can resolve the name, run the CLI command “utils network ping <hostname>”.
Step 1. Download the tomcat.pem certificate from the third-party gadget host.
- a) Sign in to Cisco Unified Operating System Administration on the third-party gadget host (https://FQDN/cmplatform, where FQDN is the fully qualified domain name of the third-party gadget host).
- b) Click Security > Certificate Management.
- c) Click Find.
- d) Click tomcat.pem.
- e) Click Download and save the file on your desktop.
Step 2. Upload the certificate to the primary Finesse server.
- a) Sign in to Cisco Unified Operating System Administration on the primary Finesse server (http://FQDN:8080/cmplatform, where FQDN is the fully qualified domain name of the Finesse server).
- b) Click Security > Certificate Management.
- c) Click Upload Certificate.
- d) From the Certificate Name drop-down list, select tomcat-trust.
- e) Click Browse and navigate to the tomcat.pem file that you downloaded in the previous step.
- f) Click Upload File.
Step 3. Restart Cisco Finesse Tomcat on the primary Finesse server.
Step 4. After synchronization is complete, restart Cisco Finesse Tomcat on the secondary Finesse server.
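The name-matching requirement described above can be checked against the tomcat.pem file from Step 1 before it is uploaded as tomcat-trust. The script below is an added example, not Cisco code. The host name, port and gadget path are constructed sample values, and the subjectAltName fallback uses OpenSSL's own matching, which is an assumption that may differ from the check the Finesse gadget container performs.

```shell
#!/bin/sh
# Added example (not Cisco code): pre-upload check that the host in a gadget
# URL matches the name in a downloaded tomcat.pem. Sample values are constructed.

# Host part of a URL like https://host:port/path (IPv6 literals not handled).
url_host() {
    h=${1#*://}; h=${h%%/*}; h=${h%%:*}
    printf '%s\n' "$h" | tr '[:upper:]' '[:lower:]'
}

# Subject common name of a PEM certificate, lower-cased.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p' | tr '[:upper:]' '[:lower:]'
}

# Exit 0 when the host in the URL ($2) matches the certificate in PEM file ($1).
gadget_url_matches_cert() {
    host=$(url_host "$2")
    # Rule from the text above: the URL name must equal the common name.
    [ "$host" = "$(cert_cn "$1")" ] && return 0
    # Generalization (assumption): also accept a subjectAltName match as
    # judged by OpenSSL; digits-and-dots hosts are treated as IP addresses.
    case $host in
        *[!0-9.]*) opt=-checkhost ;;
        *)         opt=-checkip ;;
    esac
    openssl x509 -in "$1" -noout "$opt" "$host" | grep -q 'does match certificate'
}

# Constructed sample input: a throwaway self-signed certificate with CN=$1.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_demo_cert cuic.example.com "$dir/tomcat.pem"
    for url in "https://cuic.example.com:8444/gadgets/Example.xml" \
               "https://10.10.10.5:8444/gadgets/Example.xml"; do
        if gadget_url_matches_cert "$dir/tomcat.pem" "$url"; then
            echo "MATCH     $url"
        else
            echo "MISMATCH  $url"
        fi
    done
    rm -rf "$dir"
}
demo
```

A MISMATCH result for the URL used in the desktop layout means the gadget URL or the certificate name needs to change before the trust upload can resolve the error.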
Another Problem
Once you upload the third-party certificate, which in this case is the CUIC certificate, to Finesse, you expect the gadget to load in Finesse, but it still fails with the error message mentioned in the Problem section.
Solution
The error "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" was solved with the next steps:
Step 1. From the platform admin page in Finesse, upload the CUIC tomcat certificate as tomcat-trust.
Step 2. Upload the Finesse certificates to CUIC as tomcat-trust.
Step 3. Restart these services on the Finesse publisher and subscriber during a maintenance window with these commands:
- utils service restart Cisco Tomcat
- utils service restart Cisco Finesse Tomcat
Step 4. Restart these services on the CUIC publisher and subscriber:
- utils service restart Cisco Tomcat
- utils service restart Intelligence Center Reporting service