dcsimg

How do I make Java recognize internal certificate authorities?

0

Products

Webtrends OnPremises 9.x
Webtrends OnPremises 8.x

Cause

Java by default only acknowledges, or allows for use, public certificate authorities. If your Webtrends User Interface is secured with a certificate from an private certificate authority (and the http port is disabled), the Report Exporter and Scheduled Reports will not work. The instructions below will allow Java to recognize your internal certificate authorities, and allow Java dependent functions to work.

Resolution

In order to complete this process, you’ll need an exported copy of the CA cert for your in house authority. Please replace the sections with the applicable alias names/paths for your environment.

On the local machine:
1. Navigate to “C:\Program Files (x86)\Java\\bin” in an Administrative Command Prompt.
2. Run:
keytool -import -trustcacerts -alias “” -file “” -keystore “C:\Program Files (x86)\Java\\lib\security\cacerts”
3. For the password, type in: changeit
4. Type “Yes” to trust the certificate.

On the server:
1. Navigate to “\common\jre\bin” in an Administrative Command Prompt.
2. Run:
keytool -import -trustcacerts -alias “” -file “” -keystore “\common\jre\lib\security\cacerts”
3. For the password, type in: changeit
4. Type “Yes” to trust the certificate.

SQL Changes:

  1. Open SQL Server Management Studio
  2. Open the wtMaster database.
  3. Edit the dbo.wt_app_confdata table
  4. Find the record that displays the URL to your user interface in the Data column.
  5. Run UPDATE statements on the wtmaster.dbo.wt_app_confdata table to UPDATE the user interface location but add port 443 and the end.Please note, that in order for Java to accept the certificate, please use the FQDN for the URL. If the data field was “http://webtrends.com”, it would be “https://webtrends.com:443”.
Example:
UPDATE [wtMaster].[dbo].[wt_app_confdata]
SET data=’https://newuserinterfaceaddress:443′
WHERE data=’http://olduserinterfaceaddress:7099′;
  1. Edit the dbo.wt_globalsetting table.
  2. Find the record with the SettingName of “Scheduled Reports URL”.
  3. If the SettingValue field is blank, leave it alone and skip to step 5.
  4. If there is an entry in the SettingValue field, give this record a SettingValue the same as the URL of the Webtrends user interface server, but add port 443 and the end.Please note, that in order for Java to accept the certificate, please use the FQDN for the URL. If the SettingValue was “https://webtrends.com”, it would be “https://webtrends.com:443”.
  5. Update the wt_Parameter table (which contains details for previously created Scheduled Reports):
    UPDATE wt_parameter
    SET value=’https://’
    WHERE parametertokenid = 201;
  6. Restart the “Webtrends – Scheduler Agent” and “Webtrends – User Interface” services.


Note:
If you weren’t previously using the FQDN to access the server, make sure to add the FQDN to the Java Security Exception list:
1. Open up the Windows Control Panel and select Java.
2. Click on the Security Tab.
3. Add the site to the Exception Site List, make sure to include the port number.