Error when logging into OneClick web configured for SSL

book

Article ID: 6362

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

After configuring the CA Spectrum OneClick server for SSL, an error is thrown when attempting to connect from a browser (Chrome, FireFox, IE or Safari)

 

Cause

The reason this error is thrown is due to the URL being used to point the browser at the OneClick server. The URL contains either an IP address or hostname that does not match that which was used to generate the certificate that was added to the OneClick server keystore. Or alternately, the DNS lookup does not resolve to the correct name/IP.

Environment

Spectrum 10.x

Resolution

When generating the private, self-signed certificate, you use the following command:



./keytool -genkey -alias tomcatssl -keyalg RSA -keystore $SPECROOT/custom/keystore/cacerts


 


This command then asks a number of questions, the second of which is:


 


What is your first and last name?  


 


This refers to the common name (singular hostname) or the FQDN of the OneClick server . So when logging in with the browser, you need to refer to this hostname in the URL (not the IP address) for the HTTPS connection to work and the certificate to be validated by the browser. Also, you will need to import the certificate signed by your CA:




$SPECROOT/Java/bin> ./keytool -import -alias tomcatssl -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file <PATH>/<FILENAME.cer>


Enter keystore password:


Certificate reply was installed in keystore


 



Now, if your DNS is not resolving the hostname of the OneClick server, then modify your hosts file (In Windows: ~\win32\drivers\etc\hosts, in Linux/Solaris /etc/hosts) file to include both the singular and FQDN hostnames of the OneClick server so as to get around the problems with your DNS. Then in the browser, target the OneClick server URL using:


 


https://<HOSTNAME>:443/spectrum

Additional Information

Please reference the "Configure OneClick for Secure Sockets Layer" section of the documentation for more information.

https://docops.ca.com/ca-spectrum/10-3-0/en/administrating/oneclick-administration/oneclick-server-communications-and-network-configuration/configure-oneclick-for-secure-sockets-layer/

Attachments

1558691045200000006362_sktwi1f5rjvs16ghb.png get_app