uCMDB Browser to uCMDB Server SSL not working
I am having issues configuring uCMDB Browser to uCMDB Server communication on https. Http works.
I have changed ucmdb_browser_config.xml to use https, with proper values for FQDN, and port
<host_name>FQDN or IP</host_name>
I have uncommented SSL block in server.xml & SSL is enabled. SSL is definitely enabled as I can connect from browser to uCMDB Browser using https.
I have configured uCMDB Browser to read the keystore and truststore give file location and pass. I have given Full path to trusts store & key store file and password.
I have inserted our private rootCA & intermediate CA in both keystore and truststore as trusted CA's in these files (uCMDBBrowser.keystore, uCMDBBrowser.truststore).
When I list these file I see these private trusted CA certs listed.
My server.xml has below entry
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="uCMDBBrowser.keystore" keystorepass = "somepass"
truststoreFile= "uCMDBBrowser.trustStore" truststorepass = "somepass"/>
But I can’t get SSL working with uCMDBServer .
It says PKIX cert chain validation error .
I have checked forums and seen many articles describing Tomcat can't read configuered truststore and keystore . Hence, I have also tried importing these certs in %JAVA_HOME%/jre/lib/security/cacerts But that doesn’t work either.
Please advise how to configure uCMDB Browser to configure SSL
I have used following command to add cert in keystore & trustsore
keytool -importcert -file downloaded.cer -alias somealias -keystore keystore_file -storepass somepass
Please note we have RootCA , intermediate CA , and then host .
I have tried importing RootCA , intermidateCA and host (4 of them as we have load balancer with 4 uCMDB Servers), but still doesnt work.
I have created one cert with RootCA + intermidateCA and added that separately , still same error.
Our uCMDB Server when connected from browser on https has no error or warning . I have added the Root CA & intermediate CA in browser.
So definately its not issue with uCMDB Server certificate.
Please let us know what is configuration required in uCMDB Browser to get it working?
Can you provide more details:
What versions are you using?
Are you running Win?
From the post I understoos that you are using Standalone UCMDB browser. Is it correct?
Did you onfigure HA mode for both the Browser and the UCMDB server?
Can you provide more details:
What versions are you using? Praveen :- 10.10
Are you running Win? Praveen : - Yes
From the post I understoos that you are using Standalone UCMDB browser. Is it correct? Praveen Standalone , can you clarify on that ?
Did you onfigure HA mode for both the Browser and the UCMDB server? Praveen :-Yes. Both are on HA.
Did this get resolved? I have a customer in a similar position where everything uses CA certificates, everything works except Browser > UCMDB, i.e. Probe > UCMDB is fine using CA certs and users > Browser using CA certs works.