Super Contributor

local client security cert from CA still not trusted

My local client is not recognizing my CA cert, and every time I attempt to log in I get the warning that it was not issued by a trusted certificate authority. In the web browser it is trusted, so I am not sure why it isn't working with the local client. According to the documentation you only need to import the cert if it is the OOTB certificate. I have imported it anyways but it still does not work. Any suggestions?

Micro Focus Expert

Re: local client security cert from CA still not trusted

The Local Client comes with its own JRE.
Did you try to add your cert in the Local Client JRE truststore?

Kind regards,
Bogdan Mureșan
EMEA CMS Technical Success
Super Contributor

Re: local client security cert from CA still not trusted

Yes, I did, but it is still saying it is not trusted when you first log in.

Micro Focus Expert

Re: local client security cert from CA still not trusted

Awkward.
Did you try with the latest Local Client version?

Can you confirm that the certificate is indeed in the truststore? You can use keytool to list all the certificates in the truststore.

Kind regards,
Bogdan Mureșan
EMEA CMS Technical Success
Micro Focus Contributor

Re: local client security cert from CA still not trusted

Hi All,

The important thing here is that the whole keychain needs to be imported into the local client truststore.

Could you please run the command

keytool -printcert -v -sslserver <Your UCMDB Server FQDN>:8443

to see the hierarchy of your SSL certificate?

With that you can then also get the individual certificates using this command:

keytool -printcert -v -sslserver <Your UCMDB Server FQDN>:8443 -rfc

You can then split each certificate and store each in an individual .crt file. Then use KeyStore Explorer to import each as a trusted certificate into the Local Client JRE truststore file.

Once the whole chain is imported, restart the local client and I’m sure the warning will have disappeared.

Hope this works for you.

Best regards,

Armin Hergenhan

Micro Focus EMEA Technical Support
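
The split-and-import steps from the post above, scripted as an added example (not part of the original post and not Micro Focus code). It uses keytool in place of KeyStore Explorer; the JRE home argument, the alias prefix and the default `changeit` store password are assumptions.

```shell
#!/bin/sh
# Added example (not Micro Focus code). Assumptions: the Local Client JRE home
# is passed in by the caller, and its cacerts uses the JRE default password.
#
# Capture the chain first, as in the post above:
#   keytool -printcert -sslserver <Your UCMDB Server FQDN>:8443 -rfc > chain.pem

# make_sample_chain <file>: writes a CONSTRUCTED two-entry chain (dummy payloads,
# not real certificates) so split_chain can be tried offline.
make_sample_chain() {
    cat > "$1" <<'EOF'
Certificate #0
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
Certificate #1
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUk9PVA==
-----END CERTIFICATE-----
EOF
}

# split_chain <pem-file> <out-dir>: writes cert-1.crt, cert-2.crt, ... (one PEM
# block each, text between blocks dropped) and prints the number found.
split_chain() {
    mkdir -p "$2"
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert-" n ".crt"; inside = 1 }
        inside                        { print > f }
        /-----END CERTIFICATE-----/   { inside = 0; close(f) }
        END                           { print n + 0 }
    ' "$1"
}

# import_chain <cert-dir> <local-client-jre-home> <alias-prefix>: imports every
# split certificate with the keytool bundled in that JRE, then lists the alias
# to confirm it landed in the cacerts the Local Client actually reads.
import_chain() {
    store="$2/lib/security/cacerts"
    for crt in "$1"/cert-*.crt; do
        name="$3-$(basename "$crt" .crt)"
        "$2/bin/keytool" -importcert -noprompt -trustcacerts -alias "$name" \
            -file "$crt" -keystore "$store" -storepass "${STOREPASS:-changeit}" &&
        "$2/bin/keytool" -list -alias "$name" \
            -keystore "$store" -storepass "${STOREPASS:-changeit}" || return 1
    done
}
```

Run `split_chain chain.pem certs` and then `import_chain certs <Local Client JRE home> <alias prefix>`, and restart the Local Client afterwards.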

Super Contributor

Re: local client security cert from CA still not trusted

According to the documentation provided by Micro Focus, it says to import it in the cacerts file in the keystore. Nothing about truststore. I did see it in keystore along with 162 other ones.

Micro Focus Expert

Re: local client security cert from CA still not trusted

You are right. I confused the keystore with the truststore.
For a CA cert you will need to add it in the keystore.
Can you test this option? You can easily revert it as you can delete the cert afterwards.
Kind regards,
Bogdan Mureșan
EMEA CMS Technical Success
Super Contributor

Re: local client security cert from CA still not trusted

I can see it in there when I do a keytool list, but I think it may be that the alias does not match. Once I get the alias I will see if that is the problem.

Micro Focus Expert

Re: local client security cert from CA still not trusted

Hi there,

So what was the alias exactly?
Kind regards,
Bogdan Mureșan
EMEA CMS Technical Success
Super Contributor

Re: local client security cert from CA still not trusted

I was thinking I needed to add the alias of the cert but that didn't work. I know the cert is in the cacerts with 162 other certs so I'm not sure why this is not working. It shows that it is good until 2021.

Acclaimed Contributor

Re: local client security cert from CA still not trusted

Can you explain where exactly you put the CA cert and what commands you used?

Acclaimed Contributor

Re: local client security cert from CA still not trusted

You have to add the cert using the keytool/java provided with the local client, as it is looking in the keystore there.
