Error when logging into OneClick web configured for SSL

Document ID : KB000006362
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

After configuring the CA Spectrum OneClick server for SSL, an error is thrown when attempting to connect from a browser (Chrome, FireFox, IE or Safari)

 

Connection_not_private_error.png

Environment:
Spectrum 9.4.x and 10.x
Cause:
The reason this error is thrown is due to the URL being used to point the browser at the OneClick server. The URL contains either an IP address or hostname that does not match that which was used to generate the certificate that was added to the OneClick server keystore. Or alternately, the DNS lookup does not resolve to the correct name/IP.
 
 
Resolution:
When generating the private, self-signed certificate, you use the following command:
 

./keytool -genkey -alias tomcatssl -keyalg RSA -keystore $SPECROOT/custom/keystore/cacerts

 
This command then asks a number of questions, the second of which is:
 
What is your first and last name?  
 
This refers to the common name (singular hostname) or the FQDN of the OneClick server . So when logging in with the browser, you need to refer to this hostname in the URL (not the IP address) for the HTTPS connection to work and the certificate to be validated by the browser. 
 
Also, you will need to import the certificate signed by your CA:
 
$SPECROOT/Java/bin> ./keytool -import -alias tomcatssl -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file <PATH>/<FILENAME.cer>
Enter keystore password:
Certificate reply was installed in keystore
 
Now, if your DNS is not resolving the hostname of the OneClick server, then modify your hosts file (In Windows: ~\win32\drivers\etc\hosts, in Linux/Solaris /etc/hosts) file to include both the singular and FQDN hostnames of the OneClick server so as to get around the problems with your DNS.
Then in the browser, target the OneClick server URL using:
 
https://<HOSTNAME>:443/spectrum
Additional Information: