Symantec Developer Group

 View Only
Back to discussions
Expand all | Collapse all

How do you add CA certs to SPC truststore/keystore?

  • 1.  How do you add CA certs to SPC truststore/keystore?

    Posted Apr 08, 2011 06:13 PM

    Registering my IA, DLP, with SPC will work if my IA has its own self signed certificate.  However when my IA uses a certificate that is signed by an in house CA, it fails to register.  I'm not sure what's the issue, but my guess is that SPC doesn't recognize the CA, so it fails the registration.  I'm using SPC version 2.0.316.0.  Please let me know if there's a way to add the CA root certificate to the SPC keystore or truststore.  Here's the altiris error log:

    "4/8/2011 2:43:47 PM","*** An SpcFault type fault occurred in RegistrationSvc::RegisterDiscoveredServer(). Re-throwing it
    **CEDUrlStart** :http://entced.symantec.com/entt?product=SMP&version=7.1.5359.0&language=en&module=GSo+XUHGLCJxqCrDDZeE8X5tHebwvKY4IpjNMRF994VBs6T+sUb0AA1BvGiPcIgo&error=-1504057749&build=**CEDUrlEnd**


    ( Exception Details: System.ServiceModel.FaultException`1[Symantec.SPC.Middletier.WebServices.InvalidCertificate]: The specified certificate is invalid. (Fault Detail is equal to Symantec.SPC.Middletier.WebServices.InvalidCertificate). )
    ( Exception logged from:
       at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
       at Altiris.NS.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
       at Symantec.SPC.Middletier.WebServices.Registration.RegisterDiscoveredServer(DiscoveredProductServer server, String username, String password, String dataFeedUser, Boolean force, Boolean CheckTimeSync)
       at Symantec.SPC.Services.RegistrationService.Register_DiscoveredProductServer(DiscoveredProductServer discoveredProductServer, String registrationUsername, String registrationPassword, String postRegPort, String dataFeedUser, String regPort, String consolePort, Boolean force)
       at Symantec.SPC.Services.RegistrationService._AddAndRegisterDiscoveredProductServer(String hostname, Guid versionGuid, String tenant, String registrationUsername, String registrationPassword, String postRegPort, String dataFeedUser, String regPort, String consolePort, Boolean force, ConsoleUser consoleUser)
       at Symantec.SPC.Services.RegistrationService.<>c__DisplayClass1.<AddAndRegisterProductServer>b__0()
       at Symantec.SPC.Services.SPCServiceBase.RunElevated(Action del)
       at Symantec.SPC.Services.RegistrationService.AddAndRegisterProductServer(String csrfToken, String hostname, Guid versionGuid, String tenant, String registrationUsername, String registrationPassword, String postRegPort, String dataFeedUser, String regPort, String consolePort, Boolean force)
       at SyncInvokeAddAndRegisterProductServer(Object , Object[] , Object[] )
       at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
       at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
       at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
       at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc& rpc)
       at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
       at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)
       at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)
       at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
       at System.ServiceModel.Diagnostics.Utility.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
       at System.ServiceModel.AsyncResult.Complete(Boolean completedSynchronously)
       at System.ServiceModel.Channels.InputQueue`1.AsyncQueueReader.Set(Item item)
       at System.ServiceModel.Channels.InputQueue`1.EnqueueAndDispatch(Item item, Boolean canDispatchOnThisThread)
       at System.ServiceModel.Channels.InputQueue`1.EnqueueAndDispatch(T item, ItemDequeuedCallback dequeuedCallback, Boolean canDispatchOnThisThread)
       at System.ServiceModel.Channels.InputQueueChannel`1.EnqueueAndDispatch(TDisposable item, ItemDequeuedCallback dequeuedCallback, Boolean canDispatchOnThisThread)
       at System.ServiceModel.Channels.SingletonChannelAcceptor`3.Enqueue(QueueItemType item, ItemDequeuedCallback dequeuedCallback, Boolean canDispatchOnThisThread)
       at System.ServiceModel.Channels.SingletonChannelAcceptor`3.Enqueue(QueueItemType item, ItemDequeuedCallback dequeuedCallback)
       at System.ServiceModel.Channels.HttpChannelListener.HttpContextReceived(HttpRequestContext context, ItemDequeuedCallback callback)
       at System.ServiceModel.Activation.HostedHttpTransportManager.HttpContextReceived(HostedHttpRequestAsyncResult result)
       at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.BeginRequest()
       at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequest(Object state)
       at System.ServiceModel.PartialTrustHelpers.PartialTrustInvoke(ContextCallback callback, Object state)
       at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequestWithFlow(Object state)
       at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke2()
       at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke()
       at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ProcessCallbacks()
       at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.CompletionCallback(Object state)
       at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
       at System.ServiceModel.Diagnostics.Utility.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
       at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
     )
    ( Extra Details:  Type=System.ServiceModel.FaultException`1[[Symantec.SPC.Middletier.WebServices.InvalidCertificate, Symantec.SPC.Middletier.WebServices, Version=2.0.316.0, Culture=neutral, PublicKeyToken=d8aa2ed63d41ec9c]] Src=Symantec.SPC.Middletier.WebServices )","Symantec.SPC.Middletier.WebServices.Registration.RegisterDiscoveredServer","w3wp","403"



  • 2.  RE: How do you add CA certs to SPC truststore/keystore?

    Posted May 05, 2011 12:28 PM

    We are investigating the issue.



  • 3.  RE: How do you add CA certs to SPC truststore/keystore?
    Best Answer

    Posted Jul 27, 2011 05:38 PM

    A utility is available that will allow you to install a CA certificate onto the SPC.  Please see this article for information on this tool: https://www-secure.symantec.com/connect/articles/installing-3rd-party-ca-certificate-protection-center