After following the documented instructions to enable HTTPS for Operator Console and/or Admin Console, the wasp probe starts but none of the GUIs work; the browser shows an ERR_CONNECTION_REFUSED error.
DX UIM 23.4 CU5 and above
JRE 21.x
A Subject Alternative Name (SAN) is required by the latest versions of browsers.
- Followed these steps to import a new chain into the keystore based on a CSR with SAN:
Deleted https_port from the wasp raw configuration, added http_port
Restarted wasp
Confirmed port 80 is listening, checked OC/AC are working
Added https_port to configuration to recreate the wasp.keystore with a self-signed certificate
Confirmed port 443 is listening
Deleted the wasp.keystore
Created a key pair with the command:
keytool -genkeypair -alias wasp -keyalg RSA -keysize 2048 -keystore wasp.keystore -dname "CN=servername, OU=Enterprise, O=Unknown, L=Unknown, ST=Unknown, C=US" -ext SAN=dns:servername.domain,ip:10.x.x.x -validity 365
Created a new CSR with Subject Alternative Name (SAN):
keytool -certreq -alias wasp -validity 365 -keystore wasp.keystore -file servername.domain.csr -ext SAN=dns:servername.domain,ip:10.x.x.x
Sent this CSR to the customer's security team to generate a new certificate
Ran these commands to import the new chain of certificates.
keytool -import -alias <root|intermediate|wasp> -file <root|intermediate|wasp>.cer -keystore wasp.keystore
Confirmed that the complete chain was imported and that wasp has the PrivateKeyEntry
With the new keystore, continued the configuration and testing:
- Started wasp and confirmed port 443 is listening.
- Checked that OC started fine, including login.
At this point all is working fine in OC with HTTPS and a signed certificate.
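One way to script the "complete chain was imported and wasp has the PrivateKeyEntry" confirmation from the steps above. This is an added example, not part of the original article or the product; the function names check_wasp_entry and sample_listing and the sample listing are constructed for illustration, and the check reads `keytool -list -v` output on stdin.

```shell
#!/bin/sh
# Added example: verify the wasp entry from `keytool -list -v` output on stdin.
# Assumed real use (function name and hostname are illustrative):
#   keytool -list -v -keystore wasp.keystore -alias wasp | check_wasp_entry servername.domain

check_wasp_entry() {
    expected_dns=$1
    out=$(cat)

    # The alias must hold the private key, not only a trusted certificate.
    printf '%s\n' "$out" | grep -q '^Entry type: PrivateKeyEntry' ||
        { echo "FAIL: wasp is not a PrivateKeyEntry"; return 1; }

    # Chain length 1 means the entry is still the self-signed certificate.
    len=$(printf '%s\n' "$out" | sed -n 's/^Certificate chain length: \([0-9]*\).*/\1/p' | head -n 1)
    [ "${len:-0}" -ge 2 ] ||
        { echo "FAIL: chain length ${len:-0}, signed chain not attached"; return 1; }

    # Certificate[1] is the server certificate; require an exact SAN DNS match there.
    printf '%s\n' "$out" | awk -v d="$expected_dns" '
        /^Certificate\[1\]:/      { leaf = 1; next }
        /^Certificate\[[0-9]+\]:/ { leaf = 0 }
        leaf && $1 == "DNSName:" && $2 == d { found = 1 }
        END { exit !found }' ||
        { echo "FAIL: SAN has no DNSName $expected_dns"; return 1; }

    echo "OK: PrivateKeyEntry, chain length $len, SAN includes $expected_dns"
}

# Constructed sample shaped like `keytool -list -v` output (not real data).
sample_listing() {   # $1 = entry type, $2 = chain length, $3 = SAN DNS name
    cat <<EOF
Alias name: wasp
Entry type: $1
Certificate chain length: $2
Certificate[1]:
Owner: CN=servername, OU=Enterprise, O=Unknown, L=Unknown, ST=Unknown, C=US
Issuer: CN=Example Issuing CA
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: $3
  IPAddress: 10.0.0.10
]
Certificate[2]:
Owner: CN=Example Issuing CA
EOF
}

sample_listing PrivateKeyEntry 3 servername.domain | check_wasp_entry servername.domain
```

A failure on chain length or entry type usually means the signed certificate was imported under a different alias than the one holding the private key, so the browser is still served the self-signed certificate.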
For more information about SAN certificates:
https://www.digicert.com/faq/public-trust-and-certificates/what-is-a-multi-domain-san-certificate