FSS UI Certificate Expired so not loading
FSS UI stopped loading up recently. It was working before.
No change on the Policy server or OS has been made recently.
Following error message is displayed in IE.
The FSS UI certificate that is shipped with the above version of Policy server has expired effectively from October 16, 2016.
So, post this date, the Java security wouldn't allow FSS UI to load due to expired certificate.
How to validate the certificate expiry date
- Open Java control panel
- Click Security --> Manage Certificates
<Please see attached file for image>
- Double Click the certificate issued to "CA Inc"
<Please see attached file for image>
- Note the Validity date as "October 16 , 2016"
<Please see attached file for image>
Alternatively, if you enable the Java tracing from Java control panel, then you will see the certificate expiry related error as below :
Policy Server : Affected upto 12.52 SP1 CR6 and 12.52 SP2 CR1OS : ANYWeb Server : ANYJava : 1.7 or 1.8
Add the FSS UI site URL as exception in the Java control panel.
- Open Java control panel.
- Click Security --> Edit Site List
- Click Add and add the site in the following format : http://hostname:<port>/ For e.g In the following case the FSS UI Url is : http://ps1252sp2/siteminder/smadmin2_en.html (port being default 80 ) so the site that needs to be added is http://ps1252sp2:80/
Testing
1. Delete browser history and launch FSSUI
2. Click the check box below to accept the security warning and click Run
3. You will then be shown the FSS UI login page
Resolution
CA is working on renewing the expired certificate. If you can't utilise the workaround provided , please open a support case so we can provide you the renewed certificate as a development fix.