Page 1 of 1
SSL Certificates for Cross Project Compare
Posted: Tue Mar 29, 2016 6:23 pm
by ray.wurlod
Trying to perform cross project compare. I have (apparently) succeeded in importing the certificates from the two machines on which the projects exist. I can browse for the job on the attached project. But when I click OK in the Cross Project Comparison Tool to effect the comparison, an error is thrown "Failed to attach to host project '<name>' The DataStage error was: The SSL certificate must have previously been accepted in order to connect to the server <servername>.".
I reckon that Windows probably lied about importing the certificates having been successful, as I am not a Windows administrator on the client machine.
Has anyone else experienced this problem and, if so, what was the resolution?
Posted: Tue Apr 19, 2016 8:29 am
by Novak
Hi Ray,
You probably did, but just do double check...Did you install the certificate into the default path offered or did you choose the 'Trusted Root Certification Authorities' certificate store? The first option hardly ever works.
Posted: Wed Apr 20, 2016 1:30 am
by ray.wurlod
Tried both the Trusted Root Certification Authorities and the Trusted Third Party Root Certification Authorities stores. Neither worked. Even when installed by someone with local Administrator access.
Posted: Thu Apr 28, 2016 10:38 pm
by GM1707
did you find the resolution Ray.
Posted: Fri Apr 29, 2016 3:47 pm
by ray.wurlod
Not yet. It's not high in my list of current priorities, but I'll get back to it some time.
Posted: Sat Apr 30, 2016 10:59 am
by JRodriguez
Are the two machines where the projects exist connecting to the same WAS level (Server network Deployment, Liberty) If not that might be the cause...they issue different ssl certicates... And you would need to permanently accept both ...try comparing the objects with the command line counter part utility diffapicmdline.exe
Posted: Sat Apr 30, 2016 3:44 pm
by ray.wurlod
Good thought, but they ARE managed by the same services tier. Will try the diffapicmdline utility next time I return to this problem.
Posted: Wed Jun 01, 2016 8:57 am
by Novak
Hi Ray,
Different project and still the same issue and I finally found a solution.
Installing the certificate by following what used to be sufficient does not suffice anymore.
So, our fix was:
1. Upon certificate warning click on 'View Certficate' button
2. Click on 'Certification Path' tab
3. You will likely have two certificates, one of which is marked invalid. Select it.
4. Click on ''View Certificate' button (again)
5. You will probably notice a distant date in future under 'General' tab. Click on 'Install Certificate' button
6. Install as before into 'Trusted Root Certification Authorities' and nowhere else.
You might need to go into certificate manager (certmgr.msc) to remove the certificates in the stores other than 'Trusted Root Certification Authorities'.
This approach definitely worked for us.
Cheers,
Novak