Product Name
CIS-CAT Pro Dashboard
Product Version
3.0.0+
Date
25 2023
| Note |
|---|
Note that the CIS Product Support team cannot assist with organizational certificate modification, conversion or any resulting errors. Please contact your certificate provider or your certificate administrator if you require further assistance. |
CIS-CAT Pro Dashboard v3 supports the following two file types / formats for organizational certificates:
.p12(PKCS 12).jks(Java Key Store)
Below are some potential challenges encountered when applying these to the application, and suggested solutions.
Frequently Asked Questions
| Table of Contents | ||||
|---|---|---|---|---|
|
My certificate is not in .p12 or .jks format
, how do I proceed?If your current certificate file includes a Private Key, you may be able to convert it into .p12 / .jks format, and several guides and tools to do so can be found online. As the CIS Product Support team cannot assist with organizational certificate conversions or any resulting errors, please contact your certificate provider (such as DigiCert) or your certificate administrator if you require further assistance.
How doI receive an “Alias does not identify
the “Alias” of my Organizational Certificate?a key entry” error and Tomcat does not start
The certificate Alias provided during installation has to match the one contained in the cert exactly, or Tomcat will not be able to utilize it and return this error message.
The certificate Alias can be shown using the Java keytool, which is installed by default with any JRE/JDK, and a copy of which can be found in the Dashboard \jre\bin\ directory. Run the following command from an elevated command prompt:
keytool -v -list -keystore C:\certs\mycert.jks
(where C:\certs\mycert.jks is the path to your .p12 or .jks certificate)
The output will show the Alias under “Alias name”:
In this example, the Alias name is “db31cert”.
| Info |
|---|
Java Keystore can have multiple Aliases contained in a single file. Ensure you are using the correct Alias matching your intended certificate. |
Chrome displays “Not Secure” and returns an “ERR_CERT_COMMON_NAME_INVALID“ or “Subject Alternative Name Missing“ Error
The ERR_CERT_COMMON_NAME_INVALID SSL error can occur with a valid and non-expired certificate if it does not contain a SAN (Subject Alternative Name), which Google Chrome requires for all newer browser versions.
The DigiCert page linked below includes further details on this record:
https://www.digicert.com/faq/subject-alternative-name.htm
You can view the certificate rejection cause by opening your Dashboard webpage in Chrome, then accessing Developer Tools (Control + Shift + i on Windows) and selecting the "Security" tab.
Importing a .p12 Certificate to the Java Trust Store returns “Not an X.509 Certificate“
This error can occur if the .p12 file is encrypted, and its content cannot be read without supplying the password or passphrase. To have the Java keytool prompt you for the source keystore password, use the following command:
| Code Block |
|---|
keytool -v -importkeystore -srckeystore C:\certs\mycert.p12 -srcstoretype PKCS12 -destkeystore "C:\Program Files\CCPD\jre\lib\security\cacerts" -deststoretype JKS |
-srckeystoreis the path to your.p12certificate to be imported (in this example,C:\certs\mycert.p12)-destkeystoreis the path to your Dashboardcacertskeystore, found in\jre\lib\security\
This command will prompt for the destination Dashboard keystore password (which is changeit), followed by your source keystore password.
Please see here for instructions on Replacing Expired Dashboard TLS Certificate
Content by Label
| Filter by label (Content by label) | ||||||
|---|---|---|---|---|---|---|
|
| Page Properties | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||
|