This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Error when running flexnet-service stop

Summary

Running ?flexnet stop? from command prompt results in the following error: Unable to connect due to unrecognised server certificate Subject - CN=DummyCert,OU=AnyCorp,O=AnyCorp,L=Anytown,ST=AnyState,C=US

Symptoms

Running ?flexnet stop? from command prompt results in the following error:

Unable to connect due to unrecognised server certificate
Subject - CN=DummyCert,OU=AnyCorp,O=AnyCorp,L=Anytown,ST=AnyState,C=US
Issuer - CN=DummyCert, OU=AnyCorp, O=AnyCorp, L=Anytown, ST=AnyState, C=US
Valid From - Mon Oct 17 15:50:40 CDT 2005
Valid To - Sun Jan 15 14:50:40 CST 2006
MD5 : 53:0f:5a:b0:ae:de:41:cb:9a:b3:5e:d5:ca:60:e3:81
SHA1 : 7a:85:11:68:1e:6e:fa:26:ed:4d:e4:4a:50:5c:09:78:7e:e9:c8:fd


Cause

Running ?flexnet stop? will eventually call on jboss-cli.bat to invoke a https call to the FNMEA Admin or Reporting server. In another word, ?flexnet stop? behaves as a web client, accessing a service on the FNMEA server.

During the HTTPS negotiation phase, as defined by the protocol, FNMEA server sends its certificate to the client, which in this case is the jboss-cli.bat. The certificate that sent over to jboss-cli.bat is stored in the Keystore on FNMEA server. The location of this Keystore is defined by ?SSL Keystore Location? parameter in the ?Secure Server Settings? when running ?flexnet site.?

By default, when FNMEA server is installed, it has only one certificate in the Keystore. This certificate is known as the ?DummyCert? that is self-signed and generated by Flexera.

When the client, jboss-cli.bat, received this ?DummyCert? from FNMEA server, it goes through its Truststore to determine if this is a valid certificate. If the client able to find the certificate, the protocol negotiation is allowed to continue and an encryption algorithm can be agreed and established. If the client is not able to find the certificate, it throws an error of ?unrecognized server certificate.?
In summary, ?flexnet stop? throwing an error because jboss-cli.bat was not able to locate the ?DummyCert? sent by FNMEA server.


Resolution

The error has been fixed in FNMEA 2016 R2.


Workaround

?The following workaround can be used to fix this error if using a versions below 2016 R2. The fix can be used for Windows and Linux environments for admin and reporting component.

  • Run ?flexnet site?

  • Continue hitting ?Next? until the Secure Server Settings

  • Under ?Secure Server Settings?, note down the value for ?SSL Keystore Location?. This is the location of the Keystore file. In this example, the location is ?<FNMEA_InstallDir>\site\bin\keystore?

  • Under ?Secure Client Settings?, note down the value for the ?SSL Truststore Location?. This is the location of the TrustStore file. In this example, the location is ?<FNMEA_InstallDir>\jvm\lib\security\cacerts?

  • Hit ?Cancel? to quit out of ?flexnet site?

  • Use a text editor and open up file ?jboss-cli.xml?. This file is located under ../site/server/bin and ../site/config.

  • At the end of ?jboss-cli.xml? file, there should be section as followed:

<ssl>
<alias>keystoreAlias</alias>
<trust-store>C:\Program Files\Java\jdk1.8.0_65\jre\lib\security\cacerts</trust-store>
<trust-store-password>changeit</trust-store-password>
</ssl>

  • Confirm that the value for <trust-store> should be the same as the value specified for ?SSL Truststore Location? in ?flexnet site?

  • If the section <ssl> is not found in the jboss-cli.xml or if the value for <trust-store> is different than the value specified for ?SSL Truststore Location?, contact the Support Team.

  • Close the jboss-cli.xml. No change is needed for this file.

  • Now, the ?DummyCert? certificate needs to be extracted from the Keystore file. Go to the location where the Keystore file is located. In this example:

?cd <FNMEA_admin_InstallDir>\jvm\bin?

  • Extract the certificate as followed (password is ?flexnet?):

?keytool -export -alias tomcat -file fnmea.cer -keystore keystore
After this command is run, file ?fnmea.cer? is the actual ?DummyCert? certificate.

  • Copy the ?fnmea.cer? into the location where the Truststore is located. In this example:

?copy fnmea.cer c:\Program Files\Java\jdk1.8.0_65\jre\lib\security?

  • Finally, import the ?fnmea.cer? into the Truststore as followed (for a typical Java JRE installation, the default password is ?changeit?):

?keytool -import -trustcacerts -file fnmea.cer -alias tomcat -keystore cacerts?

‎Jun 01, 2018 02:17 AM

Was this article helpful? Yes No
No ratings
0 Kudos
Version history
Last update:
‎Jun 01, 2018 02:17 AM
Updated by: