When generating the private, self-signed certificate, you use the following command:
./keytool -genkey -alias tomcatssl -keyalg RSA -keystore $SPECROOT/custom/keystore/cacerts
This command then asks a number of questions, the second of which is:
What is your first and last name?
This refers to the common name (singular hostname) or the FQDN of the OneClick server . So when logging in with the browser, you need to refer to this hostname in the URL (not the IP address) for the HTTPS connection to work and the certificate to be validated by the browser.
Also, you will need to import the certificate signed by your CA:
$SPECROOT/Java/bin> ./keytool -import -alias tomcatssl -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file <PATH>/<FILENAME.cer>
Enter keystore password:
Certificate reply was installed in keystore
Now, if your DNS is not resolving the hostname of the OneClick server, then modify your hosts file (In Windows: ~\win32\drivers\etc\hosts, in Linux/Solaris /etc/hosts) file to include both the singular and FQDN hostnames of the OneClick server so as to get around the problems with your DNS.
Then in the browser, target the OneClick server URL using: