Tagged with trust_anchors - Visokio Forums http://forums.visokio.com/discussions/tagged/trust_anchors/feed.rss Mon, 30 Oct 17 17:36:29 -0400 Tagged with trust_anchors - Visokio Forums en-CA Security: Server you are connecting to does not have a valid certificate? http://forums.visokio.com/discussion/2613/security-server-you-are-connecting-to-does-not-have-a-valid-certificates Thu, 26 Jun 2014 08:07:06 -0400 Veaceslav 2613@/discussions
  • Security: SSL Certificate Error - Use your trusted certificate
  • HTTPS Certificate Error
  • Security: The server you are connecting to does not have a valid certificate
  • SSL Error - handshake alert: unrecognized_name

    • Server SSL error - The server you are connecting to does not have a valid certificate from an authorised authority


    Here is what you need to do to enable Omniscope access the url you have (e.g. "https://server-storing-my-iok-files.com/"):

    1. Download InstallCert.zip archive and unzip it (it contains two java class files: InstallCert$SavingTrustManager.class, InstallCert.class), put both of them in a folder (e.g. c:\your_path\)

    2. Open command prompt (cmd.exe) and change current dir to the folder containing the class files from step 1 (e.g. cd c:\your_path\) then execute this command:
    • java InstallCert server-storing-my-iok-files.com:443

      Note: if you don't have java installed, use the java executable located at:

      - {YOUR_OMNISCOPE_INSTALLATION_PATH}\x86\bin\java (if you have a 32 bit OS)
      - {YOUR_OMNISCOPE_INSTALLATION_PATH}\x64\bin\java (if you have a 64 bit OS)

      {YOUR_OMNISCOPE_INSTALLATION_PATH} - this is where Omniscope is installed on your machine (e.g. C:\Users\slavvi\AppData\Local\Visokio Omniscope app)

      (to check whether you have a 32-bit or 64-bit OS: open Control Panel -> System and check 'System type:')
      The command may look like this: "{YOUR_OMNISCOPE_INSTALLATION_PATH}\x64\bin\java" InstallCert server-storing-my-iok-files.com:443

      If you get the SSL error - handshake alert: unrecognized_name while executing this command please read this post: handshake alert: unrecognized_name

    3. You will be asked 'Enter certificate to add to trusted keystore or 'q' to quit: [1]', press 1 then press ENTER
    Note: After executing step 3, this message will be displayed in the console:
    Added certificate to keystore 'jssecacerts' using alias 'server-storing-my-iok-files.com-1'
    which means that this particular certificate will be trusted by java applications if 'jssecacerts' keystore is provided

    Notice that 'jssecacerts' file has been created in the folder you executed the command (e.g. c:\your_path\)

    4. Open 'installconfig.properties' file located at {YOUR_OMNISCOPE_INSTALLATION_PATH}

    5. Edit the file to add this line:
    ADDITIONAL_JVM_ARGS=-Djavax.net.ssl.trustStore="c:\your_path\jssecacerts"

    6. Restart Omniscope

    Note 1: You will get this error if you miss step 5 or the path to 'jssecacerts' is wrong:
    java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

    Note 2: If -Djavax.net.ssl.trustStore="c:\your_path\jssecacerts" points to a directory instead of a file or to a non-existent path, all SSL connections will fail (regardless whether the certificates have been authorised by the most trusted authorities, SSL connections will NOT work at all) and the same error will be displayed:
    java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

    Note 3: There can be only one path set to -Djavax.net.ssl.trustStore="c:\your_path\jssecacerts". If you need more than one trust stores, you need to merge them into a single file and set that file to javax.net.ssl.trustStore property. If this is the case, the simplest solution is to use steps 1-3 mentioned above to add each individual URL. Each entry will be appended to the same jssecacerts file.

    ]]>