Error when logging into OneClick web configured for SSL


Article ID: 6362


Updated On:


CA Spectrum


After configuring the CA Spectrum OneClick server for SSL, an error is thrown when attempting to connect from a browser (Chrome, FireFox, IE or Safari)



The reason this error is thrown is due to the URL being used to point the browser at the OneClick server. The URL contains either an IP address or hostname that does not match that which was used to generate the certificate that was added to the OneClick server keystore. Or alternately, the DNS lookup does not resolve to the correct name/IP.


Spectrum 10.x


When generating the private, self-signed certificate, you use the following command:

./keytool -genkey -alias tomcatssl -keyalg RSA -keystore $SPECROOT/custom/keystore/cacerts


This command then asks a number of questions, the second of which is:


What is your first and last name?  


This refers to the common name (singular hostname) or the FQDN of the OneClick server . So when logging in with the browser, you need to refer to this hostname in the URL (not the IP address) for the HTTPS connection to work and the certificate to be validated by the browser. Also, you will need to import the certificate signed by your CA:

$SPECROOT/Java/bin> ./keytool -import -alias tomcatssl -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file <PATH>/<FILENAME.cer>

Enter keystore password:

Certificate reply was installed in keystore


Now, if your DNS is not resolving the hostname of the OneClick server, then modify your hosts file (In Windows: ~\win32\drivers\etc\hosts, in Linux/Solaris /etc/hosts) file to include both the singular and FQDN hostnames of the OneClick server so as to get around the problems with your DNS. Then in the browser, target the OneClick server URL using:



Additional Information

Please reference the "Configure OneClick for Secure Sockets Layer" section of the documentation for more information.


1558691045200000006362_sktwi1f5rjvs16ghb.png get_app