After the installation of the Siteminder AdminUI, when you first attempt to connect to the AdminUI, the web browser returns the error "Certificate is Invalid"/"Certificate Invalid".
The AdminUI URL may also get flagged in a security report.
Release: r12.8.7
Component: Siteminder AdminUI
This occurs when you attempt to connect to the Siteminder AdminUI using HTTPS. The installation adds a self-signed SSL certificate to be used with HTTPS connections to the AdminUI. The error indicates that, because the certificate is self-signed, there is no Root CA to certify it.
Add your own certificate chain to the AdminUI and use that instead of a self-signed certificate.
Siteminder uses JBoss WildFly as the application server, and JBoss WildFly uses a Java keystore. You can check its definition in the following file:
<Adminui_installation_location>\adminui\bin\run.conf.bat
Default:
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStore=%JBOSS_HOME%\server\default\conf\keyStore.jks"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStoreType=jks"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"
If you create another keystore or change the password, you have to edit this file (take a backup before modifying the file).
1) Use the keytool utility to add the certificate to the keystore. To make sure that the private key is also imported, import it in PKCS12 format:
keytool -v -importkeystore -srckeystore MyStore.p12 -srcstoretype PKCS12 -destkeystore MyStore.jks -deststoretype JKS
2) Make sure that the private key has the same password as the keystore
keytool -keypasswd -alias MyStore -keypass oldpass -new newpass -keystore MyKeyStore.jks
3) Modify the server.xml file:
<SMAdminUI_Installation_location>\adminui\server\default\deploy\jbossweb.sar\server.xml
4) Back up the existing 'server.xml' file.
5) Change the keyAlias="tomcat" entry in the Connector (https) element to
keyAlias="Alias you created"
6) Change the keystorePass if you changed the password of the keystore.
7) Save the file.
8) Restart the SiteMinder AdminUI service.
9) Access the AdminUI using a web browser.
You can find a keytool reference at the following location:
http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
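Added example (not part of the original article or of SiteMinder): a Python check, run over the text printed by keytool -list -v, that the alias you will set in keyAlias has a private key and a leaf certificate that is not self-signed. The sample listing, the alias names and the function names are constructed for illustration, and English keytool output is assumed.

```python
# Constructed, trimmed sample of `keytool -list -v -keystore MyStore.jks` output.
SAMPLE = """\
Alias name: mystore
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=adminui.example.com, O=Example
Issuer: CN=Example Issuing CA, O=Example
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Issuing CA, O=Example

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=localhost
Issuer: CN=localhost

Alias name: rootonly
Entry type: trustedCertEntry
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Issuing CA, O=Example
"""

def parse_entries(listing):
    """Map each alias to its entry type and the Owner/Issuer lines that follow it."""
    entries, current = {}, None
    for line in listing.splitlines():
        key, _, value = line.partition(":")
        if key == "Alias name":  # JKS aliases are case-insensitive
            current = entries.setdefault(value.strip().lower(), {"type": None, "owner": [], "issuer": []})
        elif current is not None and key == "Entry type":
            current["type"] = value.strip()
        elif current is not None and key in ("Owner", "Issuer"):
            current[key.lower()].append(value.strip())
    return entries

def check_alias(listing, alias):
    """Return the problems found for the alias that keyAlias in server.xml will name."""
    entry = parse_entries(listing).get(alias.lower())
    if entry is None:
        return ["alias not found"]
    problems = []
    if entry["type"] != "PrivateKeyEntry":  # certificate was imported without its key
        problems.append("no private key (entry type: %s)" % entry["type"])
    if not entry["owner"] or entry["owner"][:1] == entry["issuer"][:1]:
        problems.append("leaf certificate missing or self-signed")
    return problems

if __name__ == "__main__":
    for name in ("mystore", "tomcat", "rootonly", "absent"):
        print(name, check_alias(SAMPLE, name) or "ok")
```

To use it on a real keystore, pass the captured keytool -list -v text to check_alias in place of SAMPLE; an empty list means the alias passed both checks.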