Untrusted Certificate popup warning when using either the launcher or jnlp java applet
search cancel

Untrusted Certificate popup warning when using either the launcher or jnlp java applet


Article ID: 171405


Updated On:


ProxySG Software - SGOS Advanced Secure Gateway Software - ASG


Management console service configured with a self signed certificate.
When launching the Management console via Launcher or jnlp java applet, the below Warning window appears:


Self Signed certificates or the certificate used for GUI are not trusted by default by Java.


To add the certificate to java's keystore do the following

  1. Download the Cert in place for the console by browsing the below URL
    1. https://<proxy:ip>/SSL/Download_ca
    2. Spot the cert served by the GUI, click on it to download it (.cer file).
    3. If needed, the cert name that you need to download can be visible accessing to proxy's GUI > Configuration > Services > Management Services > HTTPS-Console > Edit > check the name displayed on the Keyring info.
  2. Once cert is downloaded to the local computer, import it to the java's keystore. For this, you should check where you installed your java jre.
    1. For example, if it was installed in (Windows) c:\Program Files (x86)\Java. This path vary depending on the local computer, change the below commands to refect the actual specifics of your environment.
    2. Also assume, the .cer file (step #1) was saved in the Desktop: Path: C:\Users\Administrator\Desktop\MC_cert_new.cer
    3. To add a cert into the java's keystore cacert, I issued the below commands opening up the windows commander with administrative privileges:
      1.  cd c:\Program Files (x86)\Java\jre1.8.0_144\bin>
      2. keytool.exe -import -trustcacerts -keystore "C:\Program Files\Java\jre1.8.0_161\lib\security\cacerts" -storepass changeit -noprompt -alias MC -file "C:\Users\Administrator\Desktop\MC_cert_new.cer"
      3. keytool.exe -import -trustcacerts -keystore "c:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts" -storepass changeit -noprompt -alias MC -file "C:\Users\Administrator\Desktop\MC_cert_new.cer"
      4. (keystore's password by default is changeit - use this one if not previously modified)
  3. Finally, if not performed already, go to control panel > Java (32-bit) > Security and add an exception for the proxy and Certificate.