UVC Webconsole SSL The SSL truststore is not configured correctly
Article ID: 259407
Updated On:
Products
Issue/Introduction
After enabling SSL in the UVMS, the UVC Webconsole is unable to connect to UVMS when trying to connect with SSL mode enabled (using port 4443).
A popup error with the text "The server cannot be reached: The SSL truststore is not configured correctly" is shown as below:
Environment
Release : 6.x and 7.x
Component: Univiewer Webconsole
Context: Univiewer Webconsole connecting to a UVMS in SSL mode with the correct port (4443 by default)
Cause
Configuration issue: UVC Webconsole trust store not containing the UVMS Server certificate among the trusted certificates.
Resolution
First, all root and intermediate certificates must be imported as TRUSTEDCACERT into the UVMS Keystore + the uvms server certificate signed by the PKI as TRUSTEDSERVER.
Then, for the UVC Webconsole, the Truststore must be created and all the trustedchain of the UVMS Server Certificate must be imported as explained here with an example below:
[[email protected] path]cd /tomcat_folder/webapps/uvc/META-INF/bin
[[email protected] bin]./unissl GENSTORE
Enter the password for the new Truststore
xxx
Confirm Truststore password
xxx
Truststore created successfully
Then import the server certificate (root + intermediate + server certificate in this example):
[[email protected] bin]# ./unissl IMPORT -host uvms_hostname -port 4443 -type TRUSTEDSERVER -alias uvmsserver
Enter the Truststore password:xxx
Opening connection to uvms_hostname:4443...
The chain contains 3 certificate(s)
1 Type: CA Certificate
Subject: CN=domain France Root CA
Valid from: 26/06/2017
Valid to: 26/06/2037
Fingerprint (MD5): 18:75:96:19:32:06:A6:C4:EC:4C:7E:BF:33:85:DD:16
Fingerprint (SHA1): C4:9B:3F:46:8D:73:F6:35:AC:D9:4F:7F:9C:1F:28:0D:23:AC:69:47
2 Type: CA Certificate
Subject: CN=domain France Enterprise CA, DC=france, DC=domain
Valid from: 27/06/2017
Valid to: 27/06/2027
Fingerprint (MD5): 2D:84:10:0D:54:B3:3B:14:15:2A:1B:A2:71:3D:38:31
Fingerprint (SHA1): 99:B5:CF:DA:8E:B8:15:51:00:01:57:5F:04:AD:9D:C9:C6:70:E0:F7
3 Type: Server Certificate
Subject: CN=uvms_hostname.orsyptst.com
Valid from: 24/11/2022
Valid to: 27/06/2027
Fingerprint (MD5): B6:6F:83:C0:D1:6F:3D:9B:DB:BB:0F:02:83:CC:2E:08
Fingerprint (SHA1): C8:43:71:B4:BA:9A:A2:1D:57:68:97:09:C3:06:BC:8D:ED:F8:A3:23
Enter the position of the certificate to add to the alias "server" of the Truststore or 'q' to quit: [1]
3
Import successful
Then restart the Tomcat Server and launch again UVC Webconsole, this time connect to port 4443 (or the one used for SSL) and tick the option SSL and from now on the communication with UVMS will be secured.
Attachments
Feedback
