DX NetOps

HI Shahla,

Are you using a private self-signed certificate or a CA (Certificate Authority-Signed) certificate?

By the way, you can upgrade directly from 10.3 to 10.4.1.

------------------------------
Technical Support Engineer IV
Broadcom Inc
------------------------------

Original Message:
Sent: 05-19-2020 12:21 PM
From: Shahla Tabarzadi
Subject: Upgraded to 10.4.1

Hello-

I upgraded my dev 10.3 Spectrum/OneClick Environment to 10.4 and then 10.4.1. The upgrade was very smooth. And I changed the path in server.xml of One Click server

From   keystoreFile="custom/keystore/cacerts" To   keystoreFile="opt/spectrum/custom/keystore/cacerts"

However my connection to the site is " even though I installed the new certificate last week.

 

Do I need to install a new certificate?

 

Stay safe.

________________________________

Regards,

Shahla Tabarzadi

House Information Resources

Network Engineering and Operations

O: 202.226.6266/ C: 202.580.9525

Team:NMSAdmin@mail.house.gov

_________________________________

Office of the Chief Administrative Officer

202 225-8000 (First Call)

https://HouseNet.house.gov

Follow the CAO:   

 

 

 

Original Message------

HI Shahla,

Are you using a private self-signed certificate or a CA (Certificate Authority-Signed) certificate?

By the way, you can upgrade directly from 10.3 to 10.4.1.

------------------------------
Technical Support Engineer IV
Broadcom Inc
------------------------------

Both Certificate Authority-signed certificates and self-signed certificates provide secure connections using SSL encryption. However, certificates signed by a Certificate Authority provide an additional level of security. These certificates verify the creator of the certificate and certify that the product is truly from that vendor. Certificates that are signed by a Certificate Authority protect servers by making it difficult to impersonate a trusted entity (the certified vendor). However, self-signed certificates are appropriate if you require the encryption that an SSL certificate provides without requiring proof of the certificate source.

------------------------------
Technical Support Engineer IV
Broadcom Inc
------------------------------

Original Message:
Sent: 05-19-2020 01:54 PM
From: Shahla Tabarzadi
Subject: Upgraded to 10.4.1

Hello again-

What do you recommend?

Sent from my iPhone

Original Message------

HI Shahla,

Are you using a private self-signed certificate or a CA (Certificate Authority-Signed) certificate?

By the way, you can upgrade directly from 10.3 to 10.4.1.

------------------------------
Technical Support Engineer IV
Broadcom Inc
------------------------------

Original Message------

Both Certificate Authority-signed certificates and self-signed certificates provide secure connections using SSL encryption. However, certificates signed by a Certificate Authority provide an additional level of security. These certificates verify the creator of the certificate and certify that the product is truly from that vendor. Certificates that are signed by a Certificate Authority protect servers by making it difficult to impersonate a trusted entity (the certified vendor). However, self-signed certificates are appropriate if you require the encryption that an SSL certificate provides without requiring proof of the certificate source.

------------------------------
Technical Support Engineer IV
Broadcom Inc
------------------------------

It would not overwrite anything. Check the path for cacerts. If the path is wrong, usually an error message is displayed during the Tomcat startup.

------------------------------
Senior Consultant
SolvIT Networks
------------------------------

Original Message:
Sent: 05-19-2020 06:37 PM
From: Shahla Tabarzadi
Subject: Upgraded to 10.4.1

Hello -

I understand, but my question is that if 4.1 over write the private certificate which is already installed bc earlier version would not replace the certificate.
Thanks and stay safe 

Sent from my iPhone

Original Message------

Both Certificate Authority-signed certificates and self-signed certificates provide secure connections using SSL encryption. However, certificates signed by a Certificate Authority provide an additional level of security. These certificates verify the creator of the certificate and certify that the product is truly from that vendor. Certificates that are signed by a Certificate Authority protect servers by making it difficult to impersonate a trusted entity (the certified vendor). However, self-signed certificates are appropriate if you require the encryption that an SSL certificate provides without requiring proof of the certificate source.

------------------------------
Technical Support Engineer IV
Broadcom Inc
------------------------------

Original Message------

Hello -

I understand, but my question is that if 4.1 over write the private certificate which is already installed bc earlier version would not replace the certificate.
Thanks and stay safe 

Sent from my iPhone

Original Message------

And to present that should we make a copy of cacerts prior to upgrade .

Original Message------

Hi- 

Hello

If your certificate was valid before the upgrade it will be still valid after the upgrade.

Any particular reason for changing the location?

Maybe a bit more detail around the "not secure" bit will be helpful. Have you tried different browsers?
Is the certificate you are using actually the the one you think you are using?
When you use Keytool on the keystore, what certificate is in there?

maybe a command a bit like:

keytool -v -list -keystore  custom/keystore/cacerts

or
keytool -v -list -keystore opt/spectrum/custom/keystore/cacerts

These commands won't work because your path is incorrect. I'm guessing you are on linix and have missed the / 
You'll also need to know the keystore password. Default is usally changeme or changeit, but it will be in the server.xml file
in the config directory

let us know how you get on

Original Message:
Sent: 05-20-2020 07:50 AM
From: Shahla Tabarzadi
Subject: Upgraded to 10.4.1

The path is correct.

Sent from my iPhone

Original Message------

Hi-