SSL Troubleshooting Tips

This section helps you troubleshoot SSL server certificate–related issues that you might encounter in the product console.


1. Blocked Content

Description:
This problem arises when the product console is configured to use HTTPS under connection settings while an integrated component is still configured to use HTTP. As a result, the component cannot be accessed from the apps pane.

Resolution:
If the product console uses HTTPS, all integrated components must also be configured to use HTTPS (SSL) for successful access.


2. Certificate Name Mismatch

Description:
This error occurs when the common name of the SSL certificate does not exactly match the hostname of the server hosting the product console.

Resolution:
Obtain a new SSL certificate for the current hostname of the server.


3. Hostname Mismatch

Description:
This error occurs when the SSL certificate of a component is issued for a hostname that differs from the hostname of the product console. For example, the console could be installed on a parent domain while a component runs on a child domain.

Resolution:
Configure a valid SSL wildcard certificate and apply it to both the product console and the component.


4. Invalid Certificate

Description:
This error occurs when the SSL certificate configured with the product console is invalid (for example, expired or improperly issued).

Resolution:
Reconfigure the product console to use a valid SSL certificate.


5. Problem Trusting the Security Certificate

Description:
This error occurs when a component integrated with the product console is running on an older build.

Resolution:
Upgrade all integrated components to the latest build.


6. Certificate Not Trusted by JVM (Advanced Scenario)

Description:
This exception occurs when you configure an SMTP mail server or web server with SSL in the product console and the server uses a self-signed certificate. The Java Runtime Environment (JRE) bundled with the console does not trust self-signed certificates unless explicitly imported.

Resolution:

You need to import the self-signed certificates used by the server into the JRE package used by the product console. Follow the steps given below:

Step 1: Download the certificate


For SMTP servers:

Note:

  • To download the certificate used by the SMTP server, you must have OpenSSL installed. You can download it from here.

  • Open the command prompt and change to the bin folder in the OpenSSL installation location.

  • Now run the following command:


openssl.exe s_client -connect SMTPServer:Portno -starttls smtp > certificatename.cer

  • For example, openssl.exe s_client -connect smtp.gmail.com:587 -starttls smtp > gmailcert.cer

For Web Servers:

  • Open the web URL in a browser.

  • Click the padlock icon on the address bar.

  • Click More Information. This opens the Certificate Viewer window showing the certificate used by that web server.

  • Click View Certificate.

  • When the Certificate window showing Certificate Information Authority opens, click the Details tab.

  • Click Copy to File.

  • In the Certificate Export Wizard that opens, click Next.

  • Select the format as DER encoded binary X.509 (.CER) and click Next.

  • Enter the path where you wish to save the file and click Finish.

Step 2: Import the certificates into the JRE package of the product console.

  • Open a command prompt and change to the \jre\bin folder. For example: C:\ManageEngine\product console name\jre\bin.

  • Run the following command:

keytool -importcert -alias myprivateroot -keystore ..\lib\security\cacerts -file <certificate file path>


  • For example: keytool -importcert -alias myprivateroot -keystore ..\lib\security\cacerts -file C:\smtpcert.cer

  • Enter changeit when prompted for a password.

  • Enter y when prompted Yes or No.

  • Close the command prompt and restart the product.
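
An added example (not part of the original page or the product): the file written in Step 1 holds the whole s_client transcript, and the certificate in it came from the network connection itself, so its SHA-256 fingerprint is worth comparing with a value obtained from the server's administrator before answering y. The Python sketch below extracts the certificate block and makes that comparison; the function names and the sample transcript are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# The first PEM block in the transcript is the server's own (leaf) certificate.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def extract_der(transcript: str) -> bytes:
    """Return the DER bytes of the first certificate in s_client output."""
    match = PEM_RE.search(transcript)
    if match is None:
        raise ValueError("no certificate in output; did the connection fail?")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def sha256_fingerprint(der: bytes) -> str:
    """Format the digest the way keytool prints it: AA:BB:CC:..."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_expected(transcript: str, expected: str) -> bool:
    """True only if the fetched certificate has the expected fingerprint."""
    actual = sha256_fingerprint(extract_der(transcript)).replace(":", "")
    wanted = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    return hmac.compare_digest(actual, wanted)


# Constructed sample: stand-in bytes, not a real X.509 certificate.
SAMPLE_DER = bytes(range(256)) * 2
SAMPLE_TRANSCRIPT = (
    "CONNECTED(00000003)\n---\nServer certificate\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
    "subject=CN = smtp.example.test\n---\n250 SMTPUTF8\n"
)

if __name__ == "__main__":
    fingerprint = sha256_fingerprint(extract_der(SAMPLE_TRANSCRIPT))
    print("SHA-256:", fingerprint)
    # In practice the expected value comes from the server administrator.
    print("match:", matches_expected(SAMPLE_TRANSCRIPT, fingerprint))
```

keytool prints the certificate's SHA256 fingerprint before its trust prompt; it should be the same value.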
