Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
Aayush56 Honored Contributor.
Honored Contributor.
739 views

SSL certificate BY Certificate Authority

10.32 CP 25

Hi 

I just installed the CA certificate on the test environment and again restarted the services. UI is coming as it was coming earlier.

Question is How can I verify that is install or not.  

Regards

Ayush 

Tags (1)
0 Likes
12 Replies
johnc3 Acclaimed Contributor.
Acclaimed Contributor.

Re: SSL certificate BY Certificate Authority

Use keytool to list the available certificates.

Kind regards,
Bogdan Mureșan

EMEA Technical Success
0 Likes
Aayush56 Honored Contributor.
Honored Contributor.

Re: SSL certificate BY Certificate Authority

Bogdan,

As i insatlled the certificate again . Now i am checking again and this time the UI page is not coming after hitting the URL. even i checked the startup log in that everything started. In the error i found this.

2018-03-09 16:44:32,614 ERROR [UCMDB - global framework scheduler] (HALogWrapper.java:331) - javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
2018-03-09 16:45:32,615 ERROR [UCMDB - global framework scheduler] (HALogWrapper.java:331) - javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Do you have any idea why it happened

0 Likes
Aayush56 Honored Contributor.
Honored Contributor.

Re: SSL certificate BY Certificate Authority

Hi Bogdan,

Surprisingly When I removed the server.key file from the conf folder as written in the document. No new server key file is going to be created over there.

And in the startup log I can check everything starting properly.
Is this usual ?

Regards

Ayush

0 Likes
johnc3 Acclaimed Contributor.
Acclaimed Contributor.

Re: SSL certificate BY Certificate Authority

Hello Ayush,

I was about to recommend to verify if the certificate is in the proper place and added in the truststore of the other component.

If it works, don't alter it 🙂

 

Kind regards,
Bogdan Mureșan

EMEA Technical Success
0 Likes
Aayush56 Honored Contributor.
Honored Contributor.

Re: SSL certificate BY Certificate Authority

Hi Bogdan,

Today i checked the a startup log and found this there. So basically server is not finding the server.keystore file over there thats why it is not providing any UI to me. Aslo i want to tell you the source and destinatioon password are different

Steps i took 

Install the certificate on the server by right clicking.

Remove the Old Server.keystore file.

Copy the pfx file into the conf/security.

open the cmd & run keytool -importkeystore -srckeystore Path\ABC.pfx -srcstoretype PKCS12 -destkeystore server.keystore

It asked for destination pass & Source pass and i got the result as:

Entry for alias ServerURL  successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or
cancelled

BUt in the logs it provided me this one.

Configuring HTTPS on port 8443
2018-03-13 12:03:28,408 ERROR [WrapperSimpleAppMain] - ..\conf\security\server.keystore not found, HTTPS not configured
2018-03-13 12:03:28,470 INFO [WrapperSimpleAppMain] - HTTPS configured on port 8443
2018-03-13 12:03:28,470 INFO [WrapperSimpleAppMain] - Configuring HTTPS with client authentication on port 8444
2018-03-13 12:03:28,470 ERROR [WrapperSimpleAppMain] - ..\conf\security\server.keystore not found, HTTPS not configured
2018-03-13 12:03:28,470 INFO [WrapperSimpleAppMain] - HTTPS with client Authentication configured on port 8444

 

i checked also the bin\ jre folder in that there is one server keystore file Copy that file to the security folder and again restart the services. The above error is resolved but new error came in the startup log

2018-03-13 12:47:58,685 ERROR [WrapperSimpleAppMain] - Failure starting jetty server
MultiException[java.security.UnrecoverableKeyException: Cannot recover key, java.security.UnrecoverableKeyException: Cannot recover key]

Now i don't know which step i missed here. Do you have any idea?

Regards

Ayush

 

 

 

Tags (1)
0 Likes
Aayush56 Honored Contributor.
Honored Contributor.

Re: SSL certificate BY Certificate Authority

HI 

ANybody can help me on this i have the steps from the Hardening guide but new keystore file is not created in the security folder. Any one else face this issue of installing the SSL certificate from Certificate Authority.

Regards

Ayush

0 Likes
johnc3 Acclaimed Contributor.
Acclaimed Contributor.

Re: SSL certificate BY Certificate Authority

Hello Ayush,

 

your specific problem is rare. This should be handled further in a Support case.

Kind regards,
Bogdan Mureșan

EMEA Technical Success
0 Likes
Aayush56 Honored Contributor.
Honored Contributor.

Re: SSL certificate BY Certificate Authority

Hi Bogdan,

So the steps i am following aren't incorrect it just a tool problem. For that i will have to a raise support case.

Ayush

0 Likes
johnc3 Acclaimed Contributor.
Acclaimed Contributor.

Re: SSL certificate BY Certificate Authority

I won't confirm or deny that it's a tool problem. I would state that it's an issue that needs to be handled outside of the public forums due to the security aspect.

Kind regards,
Bogdan Mureșan

EMEA Technical Success
0 Likes
Aayush56 Honored Contributor.
Honored Contributor.

Re: SSL certificate BY Certificate Authority

Thanks Bogdan for the help. I will raise a case.,

Regards

Ayush

0 Likes
johnc3 Acclaimed Contributor.
Acclaimed Contributor.

Re: SSL certificate BY Certificate Authority

Keep us posted if the resolution can be publically shared.

Kind regards,
Bogdan Mureșan

EMEA Technical Success
0 Likes
Aayush56 Honored Contributor.
Honored Contributor.

Re: SSL certificate BY Certificate Authority

Hi Bogdan,

I found the issue with the certificate installation 

  • Command was not proper for creating the new store key file in the defined location which is given  by HP. The correct comand for that 

keytool.exe -importkeystore -srckeystore d:\hp\UCMDB\UCMDBServer\conf\security\certificate.pfx -srcstoretype PKCS12 -destkeystore d:\hp\UCMDB\UCMDBServer\conf\security\server.keystore.

Also 

  • Certificate which was provided to me is having a different alias(hpucmdbdevapp).

Question : Do we really need to put the alias as default one or is there any other way where we change the alias according to the provided certificate

  • The PEM Phrase password provided for the certificate is different from the default. So i changed it too.

Regards

Ayush 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.