Can't log into SSIM after 4.6.2 upgrade
Hi, I just upgraded SSIM to 4.6.2 (Maintenance Pack 2) and when I try to log into the client I get the following message:
The notification service is not running. This service is required for security reasons.
The application will now exit.
com.symantec.sim.rx.RXAuthException: Unable to validate session
at com.symantec.sim.sal.auth.rx.SIMAuthManager.getNewAdminSession(SIMAuthManager.java:84)
at com.symantec.sim.sal.auth.rx.SIMAuthManager.validateCredential(SIMAuthManager.java:216)
at com.symantec.sim.rx.RXTcpService$WorkerTask.validateSession(RXTcpService.java:915)
at com.symantec.sim.rx.RXTcpService$WorkerTask.handleMethodCall(RXTcpService.java:723)
at com.symantec.sim.rx.RXTcpService$WorkerTask.run(RXTcpService.java:654)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: ERROR_DIRMGRAPI_PROXY_SERVER_UNAVAILABLE (1033) java.security.cert.CertificateException: Untrusted Server Certificate Chain
at com.symantec.management.admin.client.AdminSession.sendRequest(AdminSession.java:2752)
at com.symantec.management.admin.client.AdminSession.open(AdminSession.java:294)
at com.symantec.management.admin.client.AdminSession.open(AdminSession.java:278)
at com.symantec.sim.sal.auth.SesaAuthenticator.authenticate(SesaAuthenticator.java:120)
at com.symantec.sim.sal.auth.rx.SIMAuthManager.getNewAdminSession(SIMAuthManager.java:79)
I can't log into the web console either. There I get the message:
java.security.cert.CertificateException: Untrusted Server Certificate Chain
Any suggestions?
Comments
Are you using a signed
Are you using a signed certificate?
Yup. I did 2 things but
Yup. I did 2 things but neither worked.
1) First I copied the cacert file from the SSIM box /opt/jdk/jre/lib/security to C:\Program Files\Symantec\Security Information Manager\jre\vm\lib\security (overwrite). Closed/opened the client and web session and tried again but neither worked.
2) Second, I copied the cacerts file and the self-signed certificate (ssim.cer) into the directoy: C:\Program Files\Symantec\Security Information Manager\jre\vm\bin. Then I opened a command prompt (cmd) and I changed directory (cd) to that same directory. Then I ran the command: keytool -importcert -file ssim.cer -keystore ..\lib\security\cacerts -storepass changeit. Tried again but didn't work.
Did you import the CA
Did you import the CA certificate on the SSIM appliance first?
If the notificationsvc did not start on the SSIM appliance then the CA is not known on the appliance itself.
This might have happened because the Java version on the appliance got updated with MP2.
The keytool on the appliance is located in /opt/jdk/jre/bin/
You maybe can also find your
You maybe can also find your old cacerts file in /usr/Symantec/sesa-jdk-<older java version>/jre/lib/security/.
You could then copy the file over to the new version 1.6.0_13
No luck yet. Tried both, but
No luck yet. Tried both, but still can't login. Any way to remove the self-signed certificate altogether, if necessary? Ever since we decided to use a certificate, it has been a pain dealing with Java...
Erorr in web interface:
java.security.cert.CertificateException: Untrusted Server Certificate Chain
Error in client:
Certificate error occured while trying to connect to the specified host.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.symantec.sim.app.SimApplication.validateIP(SimApplication.java:955)
at com.symantec.sim.app.SimApplication$2.construct(SimApplication.java:688)
at com.symantec.sim.uilib.util.SwingWorker$2.run(SwingWorker.java:169)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(Unknown Source)
at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(Unknown Source)
at com.symantec.sim.app.security.CustomX509TrustManager.checkServerTrusted(CustomX509TrustManager.java:137)
Did you restart all the
Did you restart all the services afterwards or reboot the box?
Ahh did everything again from
Ahh did everything again from scratch adding the reboot and this time it worked!
Just so you know for further reference I:
1) Copied the cacerts file from /usr/Symantec/sesa-jdk-1.6.0_04/jre/lib/security/ to /usr/Symantec/sesa-jdk-1.6.0_11/jre/lib/security/
2) Reboot
3) Web page worked fine, client still had certificate issues
4) Copied the cacerts file from \opt\jdk\jre\lib\security to c:\Program Files\Symantec\Security Information Manager\jre\vm\lib\security (overwrite)
5) Copied the self-signed certificate to c:\Program Files\Symantec\Security Information Manager\jre\vm\bin (ssim.cer)
6) Opened the cmd window and changed directory to c:\Program Files\Symantec\Security Information Manager\jre\vm\bin
Thanks so much for your help!!
Would you like to reply?
Login or Register to post your comment.