We are having problems activating SSL on a Dollar Universe node, running the latest version 7.00.11.

We have generated a private key and certificate request. Signed the request and imported all certificate authorities as trusted certs, imported the server cert as server cert. Then we tried to turn SSL on but got an error message saying SSL mode can not be activated without a CA certificate

[universe@hostname bin]$ ./unissl list -type TRUSTEDCACERT
CA certificate not found: /opt/automic/duas/data/security/orsyp.cer
CA certificate file name: /opt/automic/duas/data/security/COMPANY_CA_2061
CA certificate file name: /opt/automic/duas/data/security/Vault_CA_2023
CA certificate file name: /opt/automic/duas/data/security/DEV_2023_CA
CA certificate file name: /opt/automic/duas/data/security/DEV_TOOLS_2023_CA
[universe@hostname  bin]$ ./unissl list -type SERVERCERT
Server certificate file name: /opt/automic/duas/data/security/server.cer
Command successful.
[universe@hostname  bin]$ ./unissl list -type SERVERKEY
Private key file name: /opt/automic/duas/data/security/privkey.pem
[universe@hostname  bin]$ ./unissl SET -enable on -mshost my.host.com -msport 4443
SSL mode can not be activated without CA certificate.
SSL configuration unchanged (off)

Release : 6.10/7.00

The problem is that Dollar Universe tries to source a cert from orsyp.cer but no cert was added there.

[universe@hostname  data]$ /opt/automic/duas/bin/unissl list -type TRUSTEDCACERT -view
CA certificate not found: /opt/automic/duas/data/security/orsyp.cer
<...>

The problem can be solved by setting U_SSL_CA to the lowest CA, in other words, set it to the cert that signs the server cert. 

Specifically: in Node Settings, set node variable U_SSL_CA (CA certificate) to the name of the lowest CA cert.