Solved

https keystore certificate error signed fields invalid.



I'm setting up a dev server and wanted to import a certificate. I followed the steps, but when I import with keytool -import -alias tomcat -keystore tomcat.keystore -file <name> I get an error "signed fields invalid". Also, because the IT contracting agency manages the certificates and they applied it to the server, I needed to export the PFX file to use in the keytool script. Any thoughts?

Best answer by jlutherthomas

Update for this question:

Through direct support the HTTPS/SSL configuration got to a nearly good place, with the FME Server web UI working, but jobs wouldn't run: 'Error submitting the job'.

In the Tomcat localhost log we identified a PKIX path building error.

In order to resolve this issue, we configured FME Server using the steps in this article, put together to help any other users who may be importing PFX certificates.

16 replies


Hi @brianapeters

If you're importing a pfx you may want to read this and follow these steps: https://knowledge.safe.com/questions/25131/how-can-i-use-an-ssl-wildcard-certificate-from-a-p.html

One thing you'll need to make sure is when you create the Tomcat keystore file it needs to have the exact same password as the certificate that you're importing.


Thank you, this got me a step further. The "keytool -importkeystore -srckeystore c:\\temp\\my_keystore.pfx -srcstoretype pkcs12" seemed to work with "Import command completed: 1 entries successfully imported, 0 entries failed or cancelled".

I did use the same password when creating the keystore using the FME instructions and exporting the PFX. My FME application service will not start? I don't see log files in the folder mentioned? If I delete the tomcat.keystore and run the import again it will create another, but it still doesn't work? I must be missing something?

Is it in Windows Services where the FME Server Web Application won't start?

What does the catalina log file say? You should be able to find this in the Tomcat log folder in your FME Server System Share resources folder.

This is the error I get?

--------------------------------------------------------------------------------------

19-Sep-2018 10:37:45.653 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError Parse Fatal Error at line 108 column 5: The string "--" is not permitted within comments.

--------------------------------------------------------------------------------------


19-Sep-2018 13:20:12.413 WARNING [1] org.apache.catalina.startup.Catalina.load Catalina.start using conf/server.xml: The string "--" is not permitted within comments.
19-Sep-2018 13:20:12.413 SEVERE [1] org.apache.catalina.startup.Catalina.start Cannot start server. Server instance is not configured.


catalina2018-09-19.txt


Making progress... looks like there was a typo and a missing "-->" after I went line by line reviewing.
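
An added example, not part of the original thread and not Tomcat or FME code: when a comment in conf/server.xml loses its closing "-->", the comment runs on into the next "<!--", and the parser reports that "--" as not permitted within comments. The sketch below locates such comments by line and column; the function names and the sample server.xml are constructed for illustration, and the keystorePass value is a placeholder.

```python
def _line_col(text, index):
    """Convert a character offset to a 1-based (line, column) pair."""
    line = text.count("\n", 0, index) + 1
    col = index - (text.rfind("\n", 0, index) + 1) + 1
    return line, col


def find_comment_errors(xml_text):
    """Return (line, column, message) for every malformed XML comment.

    XML forbids "--" inside a comment, so the first "--" after "<!--"
    must begin the closing "-->". Simplification: "<!--" inside CDATA
    sections or attribute values is not special-cased.
    """
    errors, pos = [], 0
    while (start := xml_text.find("<!--", pos)) != -1:
        opened_on = _line_col(xml_text, start)[0]
        dashes = xml_text.find("--", start + 4)
        if dashes == -1:
            errors.append((*_line_col(xml_text, start), "comment is never closed"))
            break
        if xml_text.startswith("-->", dashes):
            pos = dashes + 3  # well-formed comment, keep scanning
            continue
        errors.append((*_line_col(xml_text, dashes),
                       f'"--" inside comment opened on line {opened_on}'))
        end = xml_text.find("-->", dashes)  # resynchronise after the bad comment
        if end == -1:
            break
        pos = end + 3
    return errors


# Constructed sample: the comment disabling the HTTP connector is missing "-->".
SAMPLE = '''<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- plain HTTP connector disabled
    <Connector port="80" protocol="HTTP/1.1" />
    <!-- HTTPS connector -->
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="tomcat.keystore" keystorePass="CHANGE_ME" />
  </Service>
</Server>
'''
# Same file with the missing terminator restored.
FIXED = SAMPLE.replace('HTTP/1.1" />\n', 'HTTP/1.1" />\n    -->\n')

if __name__ == "__main__":
    for line, col, msg in find_comment_errors(SAMPLE):
        print(f"server.xml:{line}:{col}: {msg}")
```

The reported position is where the stray "--" appears, which is usually the comment after the broken one; the comment that needs the "-->" is the one named in the message.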

 

 

 

 

 


That's great that you managed to find it. Does the web app server start now?

I'm still having issues... but different. I can connect using https://localhost/ but the issued URL https://fme-dev.company.com/ is not working?


What's the hostname of FME Server that you gave when you installed it?

What are the service URLs set to?


Not sure where to look for this?


OK, much more progress... so I found that the alias wasn't assigned to the server. It was requested but.... well, contractors? Now that it was assigned the web URL works and brings up the FME Server login, but the certificate is showing as unsecured. Do you think this is an issue with the creation of the certificate or how it is imported into the keystore?


Jennifer, do you have time to talk and maybe take a look at this? It just isn't working.


Hi Brian. You can raise a support case here. However, if you can log into FME Server OK and it's just the browser reporting that the certificate is unsecured, that'd be best addressed with your security/certificate people to make sure your certificate is good and properly verified through a Certificate Authority, or you can look at how to import/trust the certificate with your browser.


I guess that is my problem... The browser isn't working and the group creating the certificate does not have any idea why this is happening. I just wanted someone to look at it and see if they can identify what we are missing?

