Product Name
CIS-CAT Pro Dashboard
Product Version
3.0.0+
Date
CIS-CAT Pro Dashboard v3 supports the following two file types / formats for organizational certificates:
.p12(PKCS 12).jks(Java Key Store)
Below are some potential challenges encountered when applying these to the application, and suggested solutions.
Chrome returns an “ERR_CERT_COMMON_NAME_INVALID“ error or “Subject Alternative Name Missing“
The ERR_CERT_COMMON_NAME_INVALID SSL error can occur with a valid and non-expired certificate if it does not contain a SAN (Subject Alternative Name), which Google Chrome requires with all newer browser versions. You can view the exact certificate error details by opening the Dashboard page in Chrome, then accessing Developer Tools (Control + Shift + I on Windows) and selecting the “Security” tab.
The below Digicert resource explains what this record is and how to check for it:
https://www.digicert.com/faq/subject-alternative-name.htm
This StackOverflow thread deals with the topic and offers several methods on remedying it during certificate creation:
https://stackoverflow.com/questions/43665243/invalid-self-signed-ssl-cert-subject-alternative-name-missing
Importing a .p12 Certificate to the Java Trust Store returns “Not an X.509 Certificate“
This error can occur if the .p12 file is encrypted with a password and its content cannot be read. To have the Java keytool prompt you for the source keystore password, use the following command:
keytool -v -importkeystore -srckeystore C:\certs\mycert.p12 -srcstoretype PKCS12 -destkeystore "C:\Program Files\CCPD\jre\lib\security\cacerts" -deststoretype JKS
-srckeystoreis the path to your.p12certificate to be imported (in this example,C:\certs\mycert.p12)-destkeystoreis the path to your Dashboardcacertskeystore, typically in\jre\lib\security\
This command will prompt for the destination Dashboard keystore password (changeit by default), followed by your source keystore password.
Possible things to include
DigiCert import guide:
https://www.digicert.com/kb/csr-ssl-installation/tomcat-keytool.htm#ssl_certificate_installImporting a
.cerinto JKS usingkeytool:
https://stackoverflow.com/a/57457773Elements from the CSAT Pro Cert KB (applicable to Dashboard?):
Is CSAT Pro Compatible With .pfx or .cfx Certificates?
Add Comment