CA Service Management

  • Private Community

  • 1.  CA Certificate Error

    Posted Nov 15, 2012 05:26 PM
    We are trying to do load balancing using the CA web director for SSL authentication. We have a primary and secondary server setup. When we try to access the CA SD after the webdirector setup it gives the error that the

    There is a problem with this website's security certificate.

    The security certificate presented by this website was issued for a different website's address.

    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

    We have followed the steps to generate the Certificate and then import it in teh Keystore but when we try to import it gives the error saying that the Certificate is expired.


    Has anyone had any experience with such setup?

    Any help is appreciated.

    Thanks,
    Rashmi


  • 2.  RE: CA Certificate Error

    Posted Nov 19, 2012 12:01 AM

    rashmiy wrote:

    We are trying to do load balancing using the CA web director for SSL authentication. We have a primary and secondary server setup. When we try to access the CA SD after the webdirector setup it gives the error. . . i
    Hello Rashmi,

    I might have suggested logging an issue with Support, but I see that one has been opened recently. Let us know if there is an answer found. (You may also wish to bring some of those details over to these post to help others understand the problem.)


    Can anyone else help?


    Generally certificate issues are certificate issues. Web Director just acts like any other webengine as far as they are concerned.


    You may wish to check that there is not a switch from IIS to Tomcat occurring or vice-versa. That is, a user points to an IIS address but is ported to a Tomcat address.

    One cheating solution in this case is to use the same certificate for both. These are old instructions used in one of my issues . . . no idea if they are still valid or relevant to your platform:

    Export Cert from IIS as a .pfx file
    Add the Certificate Snap-in

    1. On the computer containing the certificate you want, select Start, then
    Run, and then type mmc to open the Microsoft Management Console.
    2. On the Console menu, click Add/Remove Snap-in
    3. Click Add button. This will open the Add Standalone Snap-in box.
    4. Select Certificates from the list and then click Add.
    5. Select Computer account and then click Next.
    6. Select Local computer and click Finished.
    7.Click Close on the Add Standalone Snap-in box.
    8.Click OK on the Add/Remove Snap-in box.

    Export the certificate from IIS 5

    1. Under the Tree tab in the Microsoft Management Console expand Certificates.
    2. Select the Personal folder and then the certificate you want to export.
    3. On the Action menu select All Tasks>Export
    4. Click Next.
    5. Select Yes, export the private key and click Next.
    6. Select Personal Information Exchange PKCS #12 (.PFX) and then click
    Next.
    7. Enter the password you used when you created the certificate and click
    Next. This will create a .pfx file.

    Point Tomcat to the new Cert
    1. Open %TOMCAT_HOME/conf/server.xml in XML or text editor
    2. Uncomment the SSL Connector is not already.
    3. Add the folloing attributes:
    keystoreFile= c:\PATH TO CERT.pfx keystorePass= PASSWORD HERE
    keystoreType= PKCS12″


    Thanks, Kyle_R.


  • 3.  RE: CA Certificate Error

     
    Posted Nov 26, 2012 06:22 PM
    Hi Rashmi,

    Were you able to resolve this? If so please let us know and if Kyle's information helped please mark his post as Accepted Solution as well.

    Thanks!
    Chris


  • 4.  RE: [CA Service Desk General Discussion] RE: CA Certificate Error

    Posted Nov 27, 2012 09:16 AM
    Hi Chris,

    This is not resolved yet. I do have a ticket open with support that they are still working on. If the post is kept open I can add the resolution here as well , once I have it.

    Regards,
    Rashmi Yadav

    From: CA Service Management Global User Community [mailto:CommunityAdmin@communities-mail.ca.com]
    Sent: Monday, November 26, 2012 6:22 PM
    To: mb.2276110.99724111@myca-email.ca.com
    Subject: [CA Service Desk General Discussion] RE: CA Certificate Error

    Hi Rashmi,

    Were you able to resolve this? If so please let us know and if Kyle's information helped please mark his post as Accepted Solution as well.

    Thanks!
    Chris
    Posted by:Chris_Hackett
    --
    CA Communities Message Boards
    99726651
    mb.2276110.99724111@myca-email.ca.com<mailto:mb.2276110.99724111@myca-email.ca.com>
    https://communities.ca.com


  • 5.  RE: [CA Service Desk General Discussion] RE: CA Certificate Error

     
    Posted Dec 05, 2012 03:07 PM
    Hi Rashmi,

    Thanks for letting everyone know the status :grin:

    Chris


  • 6.  RE: [CA Service Desk General Discussion] RE: CA Certificate Error

    Posted Jan 14, 2013 11:51 PM

    rashmiy wrote:

    . . . This is not resolved yet. I do have a ticket open with support that they are still working on. If the post is kept open I can add the resolution here as well , once I have it.

    Regards, Rashmi Yadav
    [color=#e09c14]Follow up:[color] Kyle_R.
    - - -
    Hello Rashmi,

    Can you advise current status/solution of issue to this thread? Please mark as "Answered" if you have what you need.

    Thanks, Kyle_R.