PureConnect

  • 1.  Media Server Certificate Issue

    Posted 03-25-2018 22:21
    Hi Guys. We are running an old CIC version, CIC 3.0 SU20, and we are trying to upgrade our Media Server to 2015 R2. Unfortunately, when we try to add the CIC server from the Media Server Web GUI, we get the error below. Any idea on the issue?

    Creation of subsystem certificate on 'CICserver.prod.com' failed!

    Details:  ErrorCode: error.i3certificates.parameter.invalid Description: Invalid client certificate received. Hostname: HKGCICMS2 Function: iccertificates::ICCertificate::initialize() File(Line): //eic/2015r2_p24/products/EIC/Src/ICCertificates/ICCertificatesAPI/iccertificatesapi.cpp#1(2430) Parameters:



    ------------------------------
    A

    ------------------------------


  • 2.  RE: Media Server Certificate Issue

    Posted 03-26-2018 13:01
    3.0 is currently running into an issue with certificate signing that I assume you are running into. By default CIC signs all of the certificates for 20 years. The old version of OpenSSL which CIC uses is vulnerable to the following bug: Year 2038 problem - Wikipedia
    The Year 2038 problem relates to representing time in many digital systems as number of seconds passed since January 1, 1970 and storing it as a signed 32-bit integer. Such implementations cannot encode times after 03:14:07 UTC on 19 January 2038.


    You are most likely running into the signed 32-bit integer overflow issue. I know this problem has been reported all over the forums for the SIP soft phone. For the SIP soft phones there was a workaround, which I don't think is officially supported by Genesys, which involves copying the certificate file from a working SIP soft phone. I don't think this workaround will work on the media servers, though, as the ticket signing happens a different way.

    I would urge you to reach out to your VAR and ask them for assistance as, the way I understand it, you can't add anything to a CIC system that is currently on 3.0 due to the certificate issue, so your only option is to upgrade the CIC environment.

    I would also suggest if you are going to upgrade that you don't stop at CIC 2015 and instead go for a version that still has active patches released for it.



    ------------------------------
    Mark Tatera
    ConvergeOne

    Opinions are my own and not the views of my employer. Any suggestions or programming changes I suggest come with no warranty and should be tried at your own risk.
    ------------------------------
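
An added example, not part of the thread and not Genesys or OpenSSL code: it simulates the arithmetic the reply above describes, a 20-year validity period pushing a certificate's expiry past what a signed 32-bit seconds counter can hold. The 365-day year, the function names, and treating the first post's timestamp as UTC are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define SECS_PER_DAY 86400LL
/* Assumption: a "year" of validity is counted as 365 days. */
#define DAYS_PER_YEAR 365LL

/* Expiry (notAfter) computed with enough range: 64-bit seconds since 1970. */
int64_t not_after_64(int64_t not_before, int years) {
    return not_before + (int64_t)years * DAYS_PER_YEAR * SECS_PER_DAY;
}

/* What a signed 32-bit counter would hold for the same instant:
 * values past INT32_MAX wrap around to large negative numbers. */
int32_t wrap_to_int32(int64_t secs) {
    int64_t m = (secs + 2147483648LL) % 4294967296LL;
    if (m < 0) m += 4294967296LL;
    return (int32_t)(m - 2147483648LL);
}

/* Returns 1 if the expiry is representable in 32 bits, else 0. */
int validity_fits_32bit(int64_t not_before, int years) {
    return not_after_64(not_before, years) <= INT32_MAX;
}

/* Latest issue time for which a certificate of this lifetime still fits. */
int64_t last_safe_issue_time(int years) {
    return (int64_t)INT32_MAX - (int64_t)years * DAYS_PER_YEAR * SECS_PER_DAY;
}

static void show(const char *label, int64_t secs) {
    time_t t = (time_t)secs;
    char buf[32];
    struct tm *tm = gmtime(&t);
    if (tm != NULL && strftime(buf, sizeof buf, "%Y-%m-%d %H:%M:%S", tm))
        printf("%-26s %s UTC\n", label, buf);
    else
        printf("%-26s (not representable here)\n", label);
}

int main(void) {
    /* Constructed input: the first post's timestamp, assumed to be UTC. */
    int64_t issued = 1522016460; /* 2018-03-25 22:21:00 */
    show("issued", issued);
    show("notAfter, 64-bit", not_after_64(issued, 20));
    show("notAfter, 32-bit wrapped", wrap_to_int32(not_after_64(issued, 20)));
    show("last safe 20-year issue", last_safe_issue_time(20));
    return 0;
}
```

Under these assumptions the wrapped expiry is a negative value, a date before 1970, so the certificate looks invalid the moment it is issued; the last issue time that still fits is 2018-01-24 03:14:07 UTC.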



  • 3.  RE: Media Server Certificate Issue

    Posted 03-27-2018 03:09
    Hi Mark. Thanks for your reply. For the softphone issue, that is actually what we did: "copying certificate from a working environment." From the KB article, the workarounds for the Media Server are mentioned below. However, Option 1 did not work for some of our Media Servers. Option 2 is a risk as we don't want to change IC certificates. I guess we are left with a version upgrade.

    Options to work around the Media Server issue include:
    1) Upgrade the Media Server to 2015 R1 or newer.
    2) If going to 2016 R4 or newer on the Media Server, the certificates need to be converted to SHA256 on Interaction Center.
    **This option has not worked 100% of the time. If it does not work, Interaction Center will need to be upgraded to 2015 R1 or newer.

    ------------------------------
    A
    ------------------------------


