AppWorx, Dollar Universe and Sysload Community

 View Only
  • 1.  $U Web Manager unable to use windows cert keystore

    Posted Oct 07, 2019 05:12 AM
    ​$U 6.9.61 Windows 2012 R2 64 bit

    Using $U Web manager to call REST API endpoints. When the API endpoints are running http this is fine but when some of the APIs are running https the message 'Peer not authenticated is appearing in the log'.

    Usually this message just means that the certificate for the API server needs to be added to the java keystore. When this was done with JEE restart, in fact the server hosting $U was restarted, the same peer not authenticated message was received.

    From the manual it indicates that an external keystore needs to be used to allow this trust. It is possible to hit the target URL using IE on the box so it would be good if $U Web Manager could use the windows keystore.

    Unfortuately so far any attempts to use an external keystore (out with the java keystore) have been unsuccessful.

    Has anyone come across a similar issue and have a solution.

    As an aside a powershell script will resolve this issue however development up to this point has been with the $U web manager  so would rather continue with that rather than some redesign work.


  • 2.  RE: $U Web Manager unable to use windows cert keystore

    Broadcom Employee
    Posted Oct 14, 2019 05:30 AM
    Hi,

    It should work, but you can verify which keystore is used by tracing the start of the Manager.

    A way to have more information is to update unisrv.bat of the Manager:
    - Add -Djavax.net.debug=all before all -jar in the script (should be 3)
    - Replace 
    if not defined LAUNCHCMD (
       "%UNI_DIR_EXEC%\unilogmsg" 2 0 "unisrv" NOALGO  "Unable to start server with code: %SERVER_CODE%"
       exit /b 1
    )
    %LAUNCHCMD%
    by
     
    if not defined LAUNCHCMD (
       "%UNI_DIR_EXEC%\unilogmsg" 2 0 "unisrv" NOALGO  "Unable to start server with code: %SERVER_CODE%"
       exit /b 1
    )

    "%UNI_DIR_EXEC%\unilogmsg" 4 0 "unisrv" NOALGO  "Executing command %LAUNCHCMD%"
    if ."%SERVER_CODE%".==."JEE". (
       %LAUNCHCMD% > C:\temp\trace.out 2>&1
    )
    if not ."%SERVER_CODE%".==."JEE". (
       %LAUNCHCMD%
    )
     
    - and restart the Manager 

    That way, you will have more information in the trace.out especially the java keystore.

    Regards,



  • 3.  RE: $U Web Manager unable to use windows cert keystore

    Posted Oct 14, 2019 10:32 AM
    Edited by Opal Salter Oct 16, 2019 07:44 AM
    Facing same issue.


  • 4.  RE: $U Web Manager unable to use windows cert keystore
    Best Answer

    Broadcom Employee
    Posted Oct 14, 2019 11:23 AM
    Sure, this is just a way to trace the Manager to check keystrores used, not to solve the issue. I recommend you to open a case and give these traces to support team.