Clarity

Scenario:

We recently installed a new self-signed certificate in our production environment.

The new certificate was installed to %NIKU_HOME%\config\New Certificate, whereas previous certificates were installed to %NIKU_HOME%\config\.

The NSA --> Properties --> Security --> Encryption --> SSL Keystore field was updated to %NIKU_HOME%\config\New Certificate\.keystore, and all services were restarted from command line.

Results:

1. The Clarity UI accepts the new certificate, and is accessible by https.
2. Open Workbench presents an Accept Certificate box each time it is launched, either stand-alone or from the Clarity UI. Regardless of which option is chosen (Yes, No, Save), OWB loads normally:
3. We have a scheduled job which executes a process that XOGs out timesheet information in XML format. When the GEL script points to https://AppServer, the job fails. If I change the script to point to HTTP://AppServer and enable http in the NSA, the job succeeds.

Questions:

1. Is it hard-coded for OWB and BG processes to look at %NIKU_HOME%\config\ for a valid SSL certificate?
2. If not, any ideas why these two elements are balking at the new cert?

Thanks for any help!

_______________________________________________________

Jeff Bland

Architecture and Enterprise Systems Administration

Publix Supermarkets, Inc.

Just wondering again...

Did you import the cert to \lib\security\cacerts in your java_home?

Martti K.

another_martink:

Just wondering again...

Did you import the cert to \lib\security\cacerts in your java_home?

 

Martti K.

We did via command line:

keytool -import -keystore d:\Niku\Clarity\config\New Certificate\.keystore -keyalg RSA -file \intermediate.crt -alias intercert

That sounds like No as the answer to my question.

The way I see it is that the certs by CA's (Certficate Authorities) are already in cacerts, but because you have a selfsigned cert it is not in there and you have to import it.

See

https://communities.ca.com/web/ca-clarity-global-user-community/message-board/-/message_boards/message/101645751?p_p_auth=2h6gIqeW&#p_19

Other threads.

Notes from my learning path are in

https://communities.ca.com/web/ca-clarity-global-user-community/message-board/-/message_boards/message/100401280?p_p_auth=2h6gIqeW&#p_19

Good threads on this are

https://communities.ca.com/web/ca-clarity-global-user-community/message-board/-/message_boards/view_message/100460156?&#p_19

https://communities.ca.com/web/ca-clarity-global-user-community/message-board/-/message_boards/view_message/97402596?&#_19_message_97425708

Martti K.