UVC Webconsole SSL The SSL truststore is not configured correctly
search cancel

UVC Webconsole SSL The SSL truststore is not configured correctly

book

Article ID: 259407

calendar_today

Updated On:

Products

CA Automic Dollar Universe

Issue/Introduction

After enabling SSL in the UVMS, the UVC Webconsole is unable to connect to UVMS when trying to connect with SSL mode enabled (using port 4443).

A popup error with the text "The server cannot be reached: The SSL truststore is not configured correctly" is shown as below:

Environment

Release : 6.x and 7.x

Component: Univiewer Webconsole

Context: Univiewer Webconsole connecting to a UVMS in SSL mode with the correct port (4443 by default)

Cause

Configuration issue: UVC Webconsole trust store not containing the UVMS Server certificate among the trusted certificates.

Resolution

First, all root and intermediate certificates must be imported as TRUSTEDCACERT into the UVMS Keystore + the uvms server certificate signed by the PKI as TRUSTEDSERVER.

Then, for the UVC Webconsole, the Truststore must be created and all the trustedchain of the UVMS Server Certificate must be imported as explained here  with an example below:

[root@servername path]cd /tomcat_folder/webapps/uvc/META-INF/bin
[root@servername bin]./unissl GENSTORE
Enter the password for the new Truststore
xxx
Confirm Truststore password
xxx
Truststore created successfully

Then import the server certificate (root + intermediate + server certificate in this example):

[root@servername bin]# ./unissl IMPORT -host uvms_hostname -port 4443 -type TRUSTEDSERVER -alias uvmsserver
Enter the Truststore password:xxx

Opening connection to uvms_hostname:4443...
The chain contains 3 certificate(s)

 1  Type:               CA Certificate
    Subject:            CN=domain France Root CA
    Valid from:         26/06/2017
    Valid to:           26/06/2037
    Fingerprint (MD5):  18:75:96:19:32:06:A6:C4:EC:4C:7E:BF:33:85:DD:16
    Fingerprint (SHA1): C4:9B:3F:46:8D:73:F6:35:AC:D9:4F:7F:9C:1F:28:0D:23:AC:69:47
 2  Type:               CA Certificate
    Subject:            CN=domain France Enterprise CA, DC=france, DC=domain
    Valid from:         27/06/2017
    Valid to:           27/06/2027
    Fingerprint (MD5):  2D:84:10:0D:54:B3:3B:14:15:2A:1B:A2:71:3D:38:31
    Fingerprint (SHA1): 99:B5:CF:DA:8E:B8:15:51:00:01:57:5F:04:AD:9D:C9:C6:70:E0:F7
 3  Type:               Server Certificate
    Subject:            CN=uvms_hostname.orsyptst.com
    Valid from:         24/11/2022
    Valid to:           27/06/2027
    Fingerprint (MD5):  B6:6F:83:C0:D1:6F:3D:9B:DB:BB:0F:02:83:CC:2E:08
    Fingerprint (SHA1): C8:43:71:B4:BA:9A:A2:1D:57:68:97:09:C3:06:BC:8D:ED:F8:A3:23

Enter the position of the certificate to add to the alias "server" of the Truststore or 'q' to quit: [1]
3
Import successful

Then restart the Tomcat Server and launch again UVC Webconsole, this time connect to port 4443 (or the one used for SSL) and tick the option SSL and from now on the communication with UVMS will be secured.

Powered by Wolken Software