This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Configure DPA to use a custom certificate for SSL/TLS steps not working

Hi All,

I am trying to install the Wildcard SSL certificate for the DPA server using the steps described in Configure DPA to use a custom certificate for SSL/TLS (solarwinds.com)

However, the steps itself is rife with an issue like malicious URL: Reported Unsafe Site: Navigation Blocked (sourceforge.net)

Any help and suggestions would be greatly appreciated 

Parents
  • RE:  and even when you have successfully downloaded the portecle.jar file, it cannot be executed by the command line or double-clicking the file.

    The steps in the Solarwinds KB Configure DPA to use a custom certificate for SSL/TLS include steps of how to run portecle.jar:

    This doc references the use of Portecle because we've found it makes it easier for various Apache Tomcat configurations and customizations. You can run Portecle using the embedded Java Runtime (JRE) that is included with DPA as follows:

    • Windows<DPA-dir>\iwc\jre\bin\java.exe -jar <Portecle-dir>\portecle.jar
    • Linux: <DPA-dir>/iwc/jre_linux/bin/java -jar <Portecle-dir>/portecle.jar

    The DPA Server is based on Apache Tomcat. So if you want to avoid use of the portecle tool, you can also follow the steps to setup Tomcat SSL and certificates on the Apache Tomcat SSL/TLS Configuration HOW-To page - covering everything from creating a keystore from scratch, the default Tomcat keystore password of "changeit" and how to change it, to how to create a self-signed certificate, and how to install a certificate from a CA.  

    Note the keystore password is used by DPA/Tomcat to look up/store the certificates inserted in the keystore.  When adding a certificate, you provide a key password for that specific certificate which can/should be different from the keystore password. When Tomcat fetches a certificate, it uses the keystore password stored in the server.xml file to decrypt the keystore and look up the certificate requested. However, that certificate itself can't be used without its own corresponding key password. 

  • Hi , thank you for the update.

    I now have executed the portecle.JAR successfully, however, since my Wildcard certificate is only available in .PFX and .CER format, how can I proceed?

    There is no procedure to import that certificate types in any of the KB article?

  • Hi , in the KB article, which case steps did you try to create a .keystore file? - i.e., in the KB, search for "Follow steps based on what files you already have." and then follow either Case A, Case B, or Case C steps.   If you want to use the .PFX file to create the .keystore file, then follow the steps in Case A.  If you instead want to use your .cer file, follow the steps in Case B.  

Reply
  • Hi , in the KB article, which case steps did you try to create a .keystore file? - i.e., in the KB, search for "Follow steps based on what files you already have." and then follow either Case A, Case B, or Case C steps.   If you want to use the .PFX file to create the .keystore file, then follow the steps in Case A.  If you instead want to use your .cer file, follow the steps in Case B.  

Children
No Data