Highlighted
Honored Contributor.
Honored Contributor.
92 views

SSL renewal error of Service Manager 9.3

Hi Experts,

I'm having problem generating new SSL for my Service Manager server. I was using exactly the same "SingleSignonAuthenticationHS" used by our Vendor last 2016. I have the below error during the generation of server certificate while executing batch file "tso_srv_svlt".

1. Does it need to completely down the SM server, web servers and SRC servers during generation of certificate?

2. The previous certificate shows 3 years of expiry, but after running the batch file and checking server.keystore file only shows 3 Months(tried checking the generated file with error).

3. I have check and provided the Java HOME by editing the batch file.

Error: 

"Importing Server certificate into Server keystore

keytool error: java.lang.Exception: Failed to establish chain from reply"

Thank you in advance for the assistance.

 

0 Likes
1 Reply
Highlighted
Micro Focus Expert
Micro Focus Expert

The actual generation of the keystores via the batch files is not dependant on Service Manager running or not. You can, in fact, generate the keystores on any machine where you have access to a jre. Only when you insert the keystores into the RTE and client do these need to be restarted.

Regarding your error:

1. When running the "tso_srv_svlt" you're starting fresh

2. Ensure that the <JAVA_HOME>/lib/security/cacerts is the original one and not one from a previous attempt at running the batch file. If you ran this bat previously and had a problem you need to delete the current /lib/security/cacert and rename the /lib/security/cacert.orig to lib/security/cacert then run the bat file

3. Once the server.keystore is created you can move onto the bat file to generate client keystores and - if needed - scaled app server keystores. Note that when running client and scaled bat files you do not need to follow the steps in step 2 above as we're creating the client keystores. 

Anytime you 'start over' you need to follow the steps in Step 2 above.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.