0 Replies. Latest reply: Jun 25, 2012 7:46 AM by 945611

    SGD 4.4 - Certificate wildcard - problem

      Hello all,

      I have an array of two SGD servers running version 4.4.

      I can't upgrade to the latest version for various reasons.

      The SSL certificates issued by Comodo have expired. My company now has a wildcard certificate for the public web and application servers. The certificate is now issued by GlobalSign.

      I've renewed the certificates on each server.

      1) Copied the csr.pem of the wildcard to /opt/tarantella/var/tsp/
      2) Copied the wildcard certificate signed by GlobalSign to /opt/tarantella/var/tsp
      3) Created a custom CA (because GlobalSign was not supported by SGD in version 4.4): the intermediate root CA of GlobalSign + the root CA
      4) Added my SSL certificate to the keystore: /opt/tarantella/bin/jre/bin/keytool -importcert -file /opt/tarantella/var/tsp/cert.pem -keystore /opt/tarantella/bin/jre/lib/security/cacerts -storepass **** -alias sgd.adehis.be
      5) Added the custom CA with: /opt/tarantella/bin/tarantella security customca --rootfile /tmp/rootca.pem

      After that, we have a problem.

      On Windows Vista, 7, 2003 and 2008, users can use SGD without problems.

      On Windows XP, users randomly get a prompt: [http://docs.oracle.com/cd/E19728-01/820-4907/figures/spoofed.gif]

      This appears only in Windows XP.

      I've tried all the information that I've found.

      1) Added the fingerprint of the SGD server to c:\Documents and settings\User\Local Settings\Application Data\Sun\SSGD\hostsvalidated
      2) Tried to add the server's certificate to the certificate store of the client.

      But nothing solved my problem.

      Maybe someone has stumbled on this case?

      Thank you very much in advance for the help.

      Edited by: 942608 on 25 June 2012 05:44

      Edited by: 942608 on 25 June 2012 05:45