We have updated a new wildcard certificate from a public CA to many servers including our MBG & MiCollab servers which appear to be working fine when connecting from a browser and viewing the cert, no errors.
EnvironmentMGB
208.xxx.xxx.xxx (public)
192.168.101.60 (Int)
MiVoice Border Gateway 11.5.2.31
MiCollab
192.168.4.35 (Int)
Release level: 9.1 PR1
Active software load: 9.1.0.95
MiVB 3300
192.168.2.10 (Int)
Release level: 9.1 PR1
Active software load: 9.1.0.95
The issue is on the MiVB we normally install the same cert via the System Admin UI but this year noticed errors in the logs. We were instructed to remove that new cert and "
Use the Web Server certificate defined in Server Manager". Which we did as my understanding this cert is only used for clients connecting not the MBG or MiCollab communications.
Here are the MiVB error logs
Log Type Log Number Severity Date Time Source Description Module File Name and Line Number
Software 184 Error 2025/Jul/09 22:24:02 OSA MSTCPPostErrStack: MiSocketTCPImpl:: (SSL_ERROR_SSL) (error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca) Main MiSocketTCP.cpp;2551
Software 183 Warning 2025/Jul/09 22:24:02 OSA MiSocketTCPImpl:: SSL operation failed SSL_ERROR_SSL. (Local) 192.168.2.10:5320 / (Remote) 192.168.101.60:48586 Main MiSocketTCP.cpp;2731
Software 182 Error 2025/Jul/09 22:24:02 OSA MSTCPPostErrStack: MiSocketTCPImpl:: (SSL_ERROR_SSL) (error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca) Main MiSocketTCP.cpp;2551
Software 181 Warning 2025/Jul/09 22:24:02 OSA MiSocketTCPImpl:: SSL operation failed SSL_ERROR_SSL. (Local) 192.168.2.10:5320 / (Remote) 192.168.101.60:48584 Main MiSocketTCP.cpp;2731
Maintenance 180 Info 2025/Jul/09 22:23:50 ISDN VDsu-1 Mod 1 Port 1 Potential NetSync problems phase shifts: 1 Main Maintenance;0
Software 179 Error 2025/Jul/09 22:22:59 OSA MSTCPPostErrStack: MiSocketTCPImpl:: (SSL_ERROR_SSL) (error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca) Main MiSocketTCP.cpp;2551
Software 178 Warning 2025/Jul/09 22:22:59 OSA MiSocketTCPImpl:: SSL operation failed SSL_ERROR_SSL. (Local) 192.168.2.10:5320 / (Remote) 192.168.101.60:48576 Main MiSocketTCP.cpp;2731
Software 177 Error 2025/Jul/09 22:22:59 OSA MSTCPPostErrStack: MiSocketTCPImpl:: (SSL_ERROR_SSL) (error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca) Main MiSocketTCP.cpp;2551
Software 176 Warning 2025/Jul/09 22:22:59 OSA MiSocketTCPImpl:: SSL operation failed SSL_ERROR_SSL. (Local) 192.168.2.10:5320 / (Remote) 192.168.101.60:48574 Main MiSocketTCP.cpp;2731
What I think is happening (I could be wrong) is the MiVB doesn't recognize the new CA (Certificate Authority) for the new certs on both the MBG & MiCollab, since the MiVB system has not been updated in a while so the "trusted CA certificate store" doesn't recognize the Root CA. (see red txt in logs above)
I have attempted to use the "
Server Mgr>>Web Server>>Cert Authority Trust" tab to install the new CA's Root cert and separately the Intermediate bundle in PEM format and then I also tried bundling both the Root cert and Intermediate certs in this order
-----BEGIN CERTIFICATE----- ? Intermediate CA (e.g., Sectigo R36)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- ? Root CA (e.g., USERTrust RSA)
-----END CERTIFICATE-----
In both tests, I have did the following on the MiVB Server Mgr;
install the Root Cert and Intermediate Cert bundle in X.509 PEM format, review logs (no change)
reboot MBG & MiCollab (no change)
reboot the MiVB, MBG & MiCollab (no change)
I don't know if it is an formatting order issue of the cert but any insight would be appreciated.
