SSL Certificates for Cross Project Compare

ray.wurlod · Post by **ray.wurlod** » Tue Mar 29, 2016 6:23 pm

Trying to perform cross project compare. I have (apparently) succeeded in importing the certificates from the two machines on which the projects exist. I can browse for the job on the attached project. But when I click OK in the Cross Project Comparison Tool to effect the comparison, an error is thrown "Failed to attach to host project '<name>' The DataStage error was: The SSL certificate must have previously been accepted in order to connect to the server <servername>.".

I reckon that Windows probably lied about importing the certificates having been successful, as I am not a Windows administrator on the client machine.

Has anyone else experienced this problem and, if so, what was the resolution?

Novak · Post by **Novak** » Tue Apr 19, 2016 8:29 am

Hi Ray,

You probably did, but just do double check...Did you install the certificate into the default path offered or did you choose the 'Trusted Root Certification Authorities' certificate store? The first option hardly ever works.

ray.wurlod · Post by **ray.wurlod** » Wed Apr 20, 2016 1:30 am

Tried both the Trusted Root Certification Authorities and the Trusted Third Party Root Certification Authorities stores. Neither worked. Even when installed by someone with local Administrator access.

GM1707 · Post by **GM1707** » Thu Apr 28, 2016 10:38 pm

did you find the resolution Ray.

ray.wurlod · Post by **ray.wurlod** » Fri Apr 29, 2016 3:47 pm

Not yet. It's not high in my list of current priorities, but I'll get back to it some time.

JRodriguez · Post by **JRodriguez** » Sat Apr 30, 2016 10:59 am

Are the two machines where the projects exist connecting to the same WAS level (Server network Deployment, Liberty) If not that might be the cause...they issue different ssl certicates... And you would need to permanently accept both ...try comparing the objects with the command line counter part utility diffapicmdline.exe

ray.wurlod · Post by **ray.wurlod** » Sat Apr 30, 2016 3:44 pm

Good thought, but they ARE managed by the same services tier. Will try the diffapicmdline utility next time I return to this problem.

Novak · Post by **Novak** » Wed Jun 01, 2016 8:57 am

Hi Ray,

Different project and still the same issue and I finally found a solution.
Installing the certificate by following what used to be sufficient does not suffice anymore.
So, our fix was:

1. Upon certificate warning click on 'View Certficate' button
2. Click on 'Certification Path' tab
3. You will likely have two certificates, one of which is marked invalid. Select it.
4. Click on ''View Certificate' button (again)
5. You will probably notice a distant date in future under 'General' tab. Click on 'Install Certificate' button
6. Install as before into 'Trusted Root Certification Authorities' and nowhere else.

You might need to go into certificate manager (certmgr.msc) to remove the certificates in the stores other than 'Trusted Root Certification Authorities'.

This approach definitely worked for us.

Cheers,

Novak