Error when logging into OneClick web configured for SSL

Article Id: 6362
Status: Published
Updated On: 08-05-2020 10:25
Legacy Id: TEC1771365
Products:
CA Spectrum
Issue/Introduction:

After configuring the CA Spectrum OneClick server for SSL, an error is thrown when attempting to connect from a browser (Chrome, FireFox, IE or Safari)

 

Cause:

The reason this error is thrown is due to the URL being used to point the browser at the OneClick server. The URL contains either an IP address or hostname that does not match that which was used to generate the certificate that was added to the OneClick server keystore. Or alternately, the DNS lookup does not resolve to the correct name/IP.

Environment:

Spectrum 10.x

Resolution:

When generating the private, self-signed certificate, you use the following command:



./keytool -genkey -alias tomcatssl -keyalg RSA -keystore $SPECROOT/custom/keystore/cacerts


 


This command then asks a number of questions, the second of which is:


 


What is your first and last name?  


 


This refers to the common name (singular hostname) or the FQDN of the OneClick server . So when logging in with the browser, you need to refer to this hostname in the URL (not the IP address) for the HTTPS connection to work and the certificate to be validated by the browser. Also, you will need to import the certificate signed by your CA:




$SPECROOT/Java/bin> ./keytool -import -alias tomcatssl -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file <PATH>/<FILENAME.cer>


Enter keystore password:


Certificate reply was installed in keystore


 



Now, if your DNS is not resolving the hostname of the OneClick server, then modify your hosts file (In Windows: ~\win32\drivers\etc\hosts, in Linux/Solaris /etc/hosts) file to include both the singular and FQDN hostnames of the OneClick server so as to get around the problems with your DNS. Then in the browser, target the OneClick server URL using:


 


https://<HOSTNAME>:443/spectrum

Additional Information:

Please reference the "Configure OneClick for Secure Sockets Layer" section of the documentation for more information.

https://docops.ca.com/ca-spectrum/10-3-0/en/administrating/oneclick-administration/oneclick-server-communications-and-network-configuration/configure-oneclick-for-secure-sockets-layer/

insert_drive_file 1558691045200000006362_sktwi1f5rjvs16ghb.png
arrow_downward Download