Steps to Create SSL certificates for OC, AC, and Cabi servers in DX UIM
search cancel

Steps to Create SSL certificates for OC, AC, and Cabi servers in DX UIM


Article ID: 234249


Updated On:


DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)


Steps to create a signed certificate for Operator Console/Cabi/ Admin Console to avoid privacy errors in the browsers " Your connection is not private ", and "NET::ERR_CERT_AUTHORITY_INVALID"



Release : All supported versions

Component: wasp


  • The privacy error in the browsers is caused by the self-signed certificate that is created when configuring the wasp probe to use HTTPS.


NOTE: This is the only Broadcom tested and approved process to import a CA certificate.

The process below will help you create and import a server certificate signed by your root CA and trusted by the browsers.

The same steps apply to the wasp probe to Cabi, Admin Console, and Operator Console.


Verify the following prerequisites before continuing:

- You are an administrative user with access to Infrastructure Manager.
- Wasp probe is configured to use HTTPS.
- Access to the server you want to create the certificate for.

Part 1: Create a password for wasp.keystore:

1. SSL reinitializes keystore (wasp callback) to reset the wasp.keystore

       Follow these steps:

       A- Open Infrastructure Manager.
       B- Navigate to the robot you want to create the certificate for.
       C- Click on the wasp probe to highlight it.
       D- Press Ctrl+<P> to open the probe utility.
       E- In the drop-down list under the Probe command set, select ssl_reinitialize_keystore.
       F- Enter a new password as an argument.
            Use a password that is at least six characters long. The wasp probe utility will not prevent you from using a shorter password. save this password as you will need to use this password in the next steps.
       G- Click the green play button to run the callback.
       H- The Command status bar displays the text OK.
            Securely record the password you set for future use.

Part 2:Set the keytool Path:

1.  RDP/ssh to the server that you want to create the certificate for then open command prompt as administrator

2. Run the below commands to locate the keytool 

cd \
dir /b/s keytool.exe

3. Add the directory where keytool.exe resides to the PATH variable.
use the keytool that with Nimsoft location


For example:
PATH=%PATH%;C:\Program Files\Nimsoft\jre\jre8u282b08\bin

4. go to Nimsoft\probes\service\wasp\conf:

For example:
cd C:\Program Files\Nimsoft\probes\service\wasp\conf

5. Verify you can access wasp.keystore, run the list command

keytool -list -alias wasp -keystore wasp.keystore

the keystore password is what you created in Part 1

Part 3:Create keypair and CSR:

1 . Run the below command to delete the automatically generated wasp keystore certificate, the password is what you created in Part 1

keytool -delete -alias wasp -keystore wasp.keystore

2. Verify keystore has deleted the automatically-generated certificate

keytool -list -keystore wasp.keystore

3. generate public and private keys

keytool -genkeypair -alias wasp -keyalg RSA -keysize 2048 -keystore wasp.keystore -validity 999

Please consult with your team about the key pair and the CSR information (server name, Organizational unit,...etc).

4. Generate CSR

keytool -certreq -alias wasp -validity 999 -keystore wasp.keystore -file certificate_filename.csr -ext,ip:<ipaddress>

5. The CSR file can be located in \Nimsoft\probes\service\wasp\conf

Please share the CSR with your internal team to sign it.


We highly recommend taking a backup of the wasp.keystore at this point

Part 4: Import the signed certificates:

Your team should provide the below certificates:

- Root CA certificate
- intermediate certificate/s (if applicable).
- Signed server certificate.

Please follow the below steps to import the certificates:

1- Copy/paste the Root certificate, intermediate certificates (if any), and the server signed certificate to the folder 

<instillation location>\Nimsoft\probes\service\wasp\conf

2- Import Root certificate

keytool -import -file  <CA root certificate file> -alias rootCA -keystore wasp.keystore -trustcacerts

3- Import INtermediate certificate ( if available)

keytool -import -file  <CA Intermediate certificate file> -alias Intermediate -keystore wasp.keystore -trustcacerts

4- Import Signed certificate

keytool  -import  -alias wasp  -file <CA signed certificate file> -keystore wasp.keystore

5- Restart wasp probe on the Cabi robot and verify the Cabi loads with the signed certificate.

Additional Information

keytool path

You can set the keytool path in Windows by following the below steps:

1. RDP to the server that you want to create the certificate for then open Control Panel > System > Advanced > Environment Variables

2. On the system variable, Select New to add a system Variable

3. Enter the below variable information

Variable name: PATH
Variable value: <directoryWhereNimsoftKeytool.exeResides>

Configure HTTPS in Admin Console or OC (Authority-Signed Certificate)