Hi Dojo,
Recently configured our DMA agents with a self-signed SSL certificate and also configured a HTTP redirect to HTTPS. After the configuration, the low-code apps could load normally on the browser (of course, there's the usual security warning as it's a self-signed certificate).
However, when I tried to connect to the Agent via Cube, I get this error:
Is this due to the self-signed certificate? If so, how can I workaround this?
Any advice is appreciated. Thanks!
Hi Andrew,
The reason cube cannot connect to the DMA is because the (self-signed) certificate you configured is not trusted by your client machine. That's also why you see the security warning in the browser when accessing the webpages. Cube does not allow you to ignore such a warning, unlike browsers, so you will have to make your client machine trust the certificate.
This can be done by installing the certificate in the trusted root certificate store:
- open the certificate file by double clicking it
- click on 'install certificate'
- Select 'local machine'
- Select 'place all certificates in the following store'
- Browse to 'Trusted Root Certificate Authorities'
- Finish
After installing the certificate, the browser should no longer show the security warning and cube should be able to connect to the DMA.
Kind regards,
Thanks Seppe!
Hi,
Could you also please verify that IIS and DataMiner are confgured to use HTTPS as well?
All information can be found in following link:
Setting up HTTPS on a DMA | DataMiner Docs
Make sure the certification address in DataMiner is the same as the one of the SSL certificate.
Example:
Hope this will help you further
Thank you.. Will give it a go as well…
Hi Andrew,
Yes the issue is related to certificate, however it's not because it is self signed. You should not see any warning about certificate when accessing LCA which means there is another issue with your certificate.
Few ideas:
- Can you try using this script to generate certificate?
- Did you move your certificate to Trusted folder?
Hopefully the script will solve your problem but if not, note that certificates are unrelated to DataMiner, and since those are error prone in their nature I would suggest double checking every detail of your certificate creation process, as they are all equally important.
Let me know if I can help you with anything else,
Cheers
Thanks for the reply. Can I ask what is this Truster folder that you’re referring to?
It’s the folder where you have to move your cert to in order for it to be Trusted. Right now what you did is created a cert and added it to your personal certificates folder, however Windows doesn’t trust those. Just follow these steps:
https://learn.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate#adding-certificate-snap-ins.
Find your certificate in Personal folder(most likely, depends how and where you created your cert) and copy it to Trusted Root Certification Authorities. Note that in step 4 you may need to select Computer account instead.
Thanks for the additional info. Will give it a go.
We also faced same issue for LAB DMA with Self-Signed Certificate. It’s got fixed after adding in Trusted Folder. Please add certificate in trusted folder and try again. Hope It should work.
Thanks