- Product Version:
- Problem Description:
- Cause:
- The SSL certificate installed on the ServosityOBS server is found to be invalid
- The SSL certificate installed on the ServosityOBS server has expired
- The SSL certificate installed on the ServosityOBS server is a self-signed certificate
- The SSL certificate installed on the ServosityOBS server is not signed by a Java trusted root Certificate Authority
- A Wildcard SSL certificate has been installed on the ServosityOBS server (applies to version prior to 5.2.7.0 only)
- The hostname setting on the ServosityPro console does not match up with the hostname which the SSL certificate is issued to
- ServosityPro is installed on an OS platform that is bundled with an older versions of Java
- Resolution:
ServosityStandard: Post-5.2.6.3
ServosityPro: Post-5.2.6.3
OS: All platforms
ServosityPro: Post-5.2.6.3
OS: All platforms
ServosityPro/ ServosityStandard cannot connect to a ServosityOBS server via the HTTPS protocol. Upon further investigation, backup job that is scheduled to be run is also not running.
A security patch has been introduced in ServosityPro/ ServosityStandard version 5.2.6.3 to assure that the SSL certificate be validated.
Thus, if the HTTPS protocol is selected, and one of the following conditions is met. The connection to the corresponding ServosityOBS server will not be allowed:
Since the cacerts file (located in %JAVA_PATH%/lib/security) has not been updated with the current list of Certificate Authority (CA), hence a newer CA's may not have existed when these versions of Java were released.
Thus, if the HTTPS protocol is selected, and one of the following conditions is met. The connection to the corresponding ServosityOBS server will not be allowed:
Since the cacerts file (located in %JAVA_PATH%/lib/security) has not been updated with the current list of Certificate Authority (CA), hence a newer CA's may not have existed when these versions of Java were released.
Please connect to the ServosityProOBS server using the server hostname instead of server IP.
Ensure that the SSL certificate installed on the ServosityProOBS server is valid, and not expired.
Verify if the backup server hostname entered on the ServosityPro console does match up with the hostname which the SSL certificate is issued to. Please pay close attention to the case of the hostname, as the setting is case sensitive.
In the cases where the SSL certificate installed is a self-signed certificate, please update the cacerts file on the affected machine to resolve the issue. The instructions can be found here
http://servosity.zendesk.com/entries/134910-faq-how-do-i-import-a-self-signed-certificate-to-a-keystore-cacerts-file
In the cases where the SSL certificate installed on the ServosityOBS server is not signed by a Java trusted root Certificate Authority, please update the cacerts file on the affected machine to resolve the issue. The instructions can be found here
http://servosity.zendesk.com/entries/135252-how-do-i-add-a-certification-authority-to-java-s-keystore-cacerts-file
In the cases where a Wildcard SSL certificate has been installed on the ServosityOBS server, please patch the software to the latest hot-fix release. The instruction can be found here
http://servosity.zendesk.com/entries/118962-faq-how-to-install-the-latest-patch-set-or-hotfixes-to-servosityobs-or-servosityrps
In the cases where ServosityPro is installed on an OS platform which utilize an older version of Java, please follow the instructions as follow:
1. Download the updated cacerts file
2. Stop the ServosityPro scheduler and AUA services
3. Rename the current %JAVA_PATH%/lib/security/cacerts file to %JAVA_PATH%/lib/security/cacerts.old
4. Extract the download cacerts file to the %JAVA_PATH%/lib/security directory
Ensure that the SSL certificate installed on the ServosityProOBS server is valid, and not expired.
Verify if the backup server hostname entered on the ServosityPro console does match up with the hostname which the SSL certificate is issued to. Please pay close attention to the case of the hostname, as the setting is case sensitive.
In the cases where the SSL certificate installed is a self-signed certificate, please update the cacerts file on the affected machine to resolve the issue. The instructions can be found here
http://servosity.zendesk.com/entries/134910-faq-how-do-i-import-a-self-signed-certificate-to-a-keystore-cacerts-file
In the cases where the SSL certificate installed on the ServosityOBS server is not signed by a Java trusted root Certificate Authority, please update the cacerts file on the affected machine to resolve the issue. The instructions can be found here
http://servosity.zendesk.com/entries/135252-how-do-i-add-a-certification-authority-to-java-s-keystore-cacerts-file
In the cases where a Wildcard SSL certificate has been installed on the ServosityOBS server, please patch the software to the latest hot-fix release. The instruction can be found here
http://servosity.zendesk.com/entries/118962-faq-how-to-install-the-latest-patch-set-or-hotfixes-to-servosityobs-or-servosityrps
In the cases where ServosityPro is installed on an OS platform which utilize an older version of Java, please follow the instructions as follow:
1. Download the updated cacerts file
2. Stop the ServosityPro scheduler and AUA services
3. Rename the current %JAVA_PATH%/lib/security/cacerts file to %JAVA_PATH%/lib/security/cacerts.old
4. Extract the download cacerts file to the %JAVA_PATH%/lib/security directory