Highlighted
Honored Contributor.
Honored Contributor.
356 views

Replacing the Central TLS Server Certificate Issue

Hi,

I am using OO 10.60 and facing the following issue:

After OO 10.60  fresh install, we applied the Central TLS Server Certificate replacement (yellow part in attachment) procedure but OO did not start.

Regards

0 Likes
12 Replies
Highlighted
Outstanding Contributor.. Outstanding Contributor..
Outstanding Contributor..

Re: Replacing the Central TLS Server Certificate Issue

When you start up - what error are you seeing in the wrapper log? 

0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

Re: Replacing the Central TLS Server Certificate Issue

Here is the wrapper log.

0 Likes
Highlighted
Outstanding Contributor.. Outstanding Contributor..
Outstanding Contributor..

Re: Replacing the Central TLS Server Certificate Issue

do a dump of the key store 

$ keytool -list -v -keystore key.store
0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

Re: Replacing the Central TLS Server Certificate Issue

I execute this command, OO is still down.

0 Likes
Highlighted
Outstanding Contributor.. Outstanding Contributor..
Outstanding Contributor..

Re: Replacing the Central TLS Server Certificate Issue

can you reply with the output - it should show your imported certs

0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

Re: Replacing the Central TLS Server Certificate Issue

Sorry JarodMB, but the output contains confidential info, so i cannot share it.

0 Likes
Highlighted
Outstanding Contributor.. Outstanding Contributor..
Outstanding Contributor..

Re: Replacing the Central TLS Server Certificate Issue

do you see the tomcat alias? fields listed under are correct? 

also, is the password for the key.store still the default or did you update it? 

0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

Re: Replacing the Central TLS Server Certificate Issue

Yes i see the tomcat alias.

The password for the key.store still the default .

0 Likes
Highlighted
Outstanding Contributor.. Outstanding Contributor..
Outstanding Contributor..

Re: Replacing the Central TLS Server Certificate Issue

Is the cert imported from a well known issuing authority? 

if not the steps below the key.store includes steps to import the root CA for the client.truststore 

0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

Re: Replacing the Central TLS Server Certificate Issue

The cert is imported from our issuing authority.

NB: When we tried another scenario in which we provide the certificate and root CA during installation, OO starts normally but when we tried to install it with it's default certificate and than change it after installation the issue appears.

0 Likes
Highlighted
Outstanding Contributor.. Outstanding Contributor..
Outstanding Contributor..

Re: Replacing the Central TLS Server Certificate Issue

So on manual import you've imported with keytool to both client.truststore (root ca) and key.store - and its not functioning as desired? 

But using the GUI you're successful? 

if so maybe open a support ticket with microfocus to see if there are any other changes needed

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.