UMP certificate error on chrome

book

Article ID: 77021

calendar_today

Updated On:

Products

DX Infrastructure Management NIMSOFT PROBES

Issue/Introduction

  • After following the instructions to enable https on the UMP all works as expected when opening the UMP in IE but the site still generates a certificate error when opened in chrome.
  • The CA (certificate authority) root certificate has been added to the "trusted root certificate store"

Cause

Since chrome build 58, chrome has increased the security requirements for https see here

Environment

Release: CNMSPP99000-8.51-Unified Infrastructure Mgmt-Server Pack-- On Prem
Component:

Resolution

Add the Subject alternative name (SAN) to the keytool commands to generate the key pair and certificate request.

Key Pair
 
<UMP or UIM server_installation>/jre/<jre_version>/bin/keytool -genkeypair -alias wasp -keyalg RSA -keysize 2048 -keystore wasp.keystore  -validity <days_cert_is_valid> -ext SAN=dns:<FQDN>
Certificate request
<UMP or UIM server_installation>/jre/<jre_version>/bin/keytool -certreq -alias wasp -validity 365 -keystore wasp.keystore -ext SAN=dns:<FQDN> -file wasp.csr