Untrusted Certificate popup warning when using either the launcher or jnlp java applet

book

Article ID: 171405

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Management console service configured with a self signed certificate.
When launching the Management console via Launcher or jnlp java applet, the below Warning window appears:

Cause

Self Signed certificates are not trusted by default.

Resolution

To add the certificate to java's keystore do the following

  1. Download the Cert in place for the console by browsing the below URL
    1. https://<proxy:ip>/SSL/Download_ca
    2. Spot the cert served by the GUI, click on it to download it (.cer file).
    3. If needed, the cert name that you need to download can be visible accessing to proxy's GUI > Configuration > Services > Management Services > HTTPS-Console > Edit > check the name displayed on the Keyring info.
  2. Once cert is downloaded to the local computer, import it to the java's keystore. For this, you should check where you installed your java jre.
    1. For example, if it was installed in (Windows) c:\Program Files (x86)\Java. This path vary depending on the local computer, change the below commands to refect the actual specifics of your environment.
    2. Also assume, the .cer file (step #1) was saved in the Desktop: Path: C:\Users\Administrator\Desktop\MC_cert_new.cer
    3. To add a cert into the java's keystore cacert, I issued the below commands opening up the windows commander with administrative privileges:
      1.  cd c:\Program Files (x86)\Java\jre1.8.0_144\bin>
      2. keytool.exe -import -trustcacerts -keystore "C:\Program Files\Java\jre1.8.0_161\lib\security\cacerts" -storepass changeit -noprompt -alias MC -file "C:\Users\Administrator\Desktop\MC_cert_new.cer"
      3. keytool.exe -import -trustcacerts -keystore "c:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts" -storepass changeit -noprompt -alias MC -file "C:\Users\Administrator\Desktop\MC_cert_new.cer"
      4. (keystore's password by default is changeit - use this one if not previously modified)
  3. Finally, if not performed already, go to control panel > Java (32-bit) > Security and add an exception for the proxy and Certificate.