Certificate Error when opening a form from User App - Request

Hello friends, since yesterday I can't open any form from User Application. I get a certificate error, a new one for me; it shows a certificate that I don't know the location of or how to replace.

It looks like Chrome and other browsers updated their security, and now don't allow continuing in some situations involving certificates.

Any idea how to fix it?

Thanks!

  • Verified Answer

    +1

    The certificate for formio is in /opt/netiq/common/nginx/cert/ . Here is how you can generate the keys from your tomcat keystore with keytool and openssl.

    Private key:

    keytool -importkeystore -srckeystore /opt/netiq/idm/apps/tomcat/conf/tomcat.jks -destkeystore /tmp/idm.p12 -deststoretype PKCS12 -srcalias <aliasOfYourTomcatCert> -deststorepass <thePasswordYouWant> -destkeypass <thePasswordYouWant>

    openssl pkcs12 -in /tmp/idm.p12 -nocerts -out /tmp/nginx.key12

    openssl rsa -in /tmp/nginx.key12 -out /tmp/nginx.key -aes256


    Public key:

    openssl pkcs12 -in /tmp/idm.p12 -nokeys -out /tmp/nginx.crt

    Then put nginx.key and nginx.crt in /opt/netiq/common/nginx/cert/ . Remember to update the password in pass.txt to match your certificate.
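
An added example, not part of the original answer or of NetIQ's tooling: a check to run on the exported files before restarting nginx, confirming that the key decrypts with the stored passphrase, that it belongs to the certificate, and that the certificate is not expired or close to expiry. The function name `check_pair`, its return codes and the 30-day default are assumptions, as is pass.txt holding the passphrase on its first line.

```bash
#!/usr/bin/env bash
# Added example: sanity-check an nginx key/cert pair before restarting.
# check_pair, its return codes and the 30-day default are assumptions.

# usage: check_pair <cert.pem> <key.pem> <passphrase-file> [min-seconds-left]
# returns 0 ok, 2 unreadable cert, 3 key not decryptable, 4 mismatch, 5 expiring
check_pair() {
    local cert=$1 key=$2 passfile=$3 min_left=${4:-2592000}   # 30 days
    local pub_from_cert pub_from_key

    # Public key embedded in the certificate. If the file holds a chain,
    # openssl x509 reads only the first certificate in it.
    pub_from_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert" >&2; return 2; }

    # Public key derived from the private key. This fails if the passphrase
    # (first line of the passphrase file) does not decrypt the key.
    pub_from_key=$(openssl pkey -in "$key" -passin "file:$passfile" -pubout 2>/dev/null) || {
        echo "cannot decrypt $key with passphrase from $passfile" >&2; return 3; }

    # nginx refuses to start if these differ.
    [ "$pub_from_cert" = "$pub_from_key" ] || {
        echo "private key does not belong to certificate" >&2; return 4; }

    # -checkend exits non-zero if the cert expires within min_left seconds.
    openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null || {
        echo "certificate expired or expiring: $(openssl x509 -in "$cert" -noout -enddate)" >&2
        return 5; }

    echo "ok: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}

# Run directly with three or four arguments, e.g. the files from the answer:
#   ./check_pair.sh /tmp/nginx.crt /tmp/nginx.key /path/to/pass.txt
if [ "$#" -ge 3 ]; then
    check_pair "$@"
fi
```

Once the pair passes and is in place, the intermediate files /tmp/idm.p12 and /tmp/nginx.key12 still contain the private key and can be removed.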

     

  • 0  

    That cert expired in 2020.  It may be Chrome is no longer accepting expired Certs again.

    Update the cert on the UA.  If you look on the server, assuming Linux...

    /opt/netiq/idm/apps/tomcat/conf/server.xml look for a <Connection> node with the port you are using (8443, perhaps.  But you might also have a redirector at the front end, that redirects traffic from 443 to 8443, so might be showing 8443 when you think you use 443 or simply https://).

    It will reference a keystore file and password.  Get a new cert (publicly signed?  Self signed?  eDir CA signed? ) however you handle certs, and name the file the same as the old one.  And set the password the same as the old, replace the file and restart Tomcat.

  • 0 in reply to 

    Thanks for the information friend, it worked in our test environment!

    I will fix the client env with the same instructions!

    Thanks!

  • 0   in reply to   

    Ya, oops, I did not see this was Forms.  That is nginx as noted. Sorry.