SSL Root Certificate causing issues with Slingshot

Issue:

When trying to run a Slingshot webApp on a workstation, the Slingshot utility gives the following error:

Error:
"Problem found with the Secure Sockets Layer(SSL) certificate sent by the server.  Please note that self-signed certificates cannot be used."


Solution:

Most likely, the JKS keystore used by Unified Workspace contains the full SSL Certificate chain (server - intermediate - root). 



For increased security, devices expect to be given only the server and intermediate certificates, which they then link to the root certificate contained in their own certificate stores. When UW sends the root certificate as part of the certificate chain, the device uses the certificates it was sent and therefore treats the certificate as self-signed. It is therefore necessary to remove the Root certificate from the certificate chain, so that only the Server and Intermediate certificates remain.


(Check your certificate chain using the Digicert SSL Installation Diagnostics Tool.)


Use the following steps to remove the Root certificate from the JKS keystore:

  1. Open the keystore using KeyStore Explorer

  2. Right-click on the keypair and choose View Details > Certificate Chain Details.
    Verify the full certificate chain is there.  The full chain should include the Root, Intermediate, and Server certificates.  Depending on your CA, you might have multiple Intermediate certificates.

  3. Right-click on the keypair and choose Edit Cert Chain > Remove Certificate.
    This removes the Root certificate from the chain, because some browsers treat the certificate as self-signed when the Root certificate is provided.

  4. Right-click on the keypair and choose View Details > Certificate Chain Details.
    Verify the certificate chain is there, minus the Root certificate.  The chain should include only the Intermediate and Server certificates.  Depending on your CA, you might have multiple Intermediate certificates.

  5. Save the keystore and copy it to the relay to test.
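
The check in steps 2 and 4 can also be done without the GUI. The following is an added example, not part of the original article or of the Unified Workspace product: it lists the certificate chain of each key pair in a JKS keystore and flags any certificate that is self-signed, which is how a Root certificate left in the chain shows up. The class name `ChainRootCheck` is an assumption chosen for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (not vendor code): lists each key pair's chain in a JKS
// keystore and flags self-signed certificates, i.e. a Root still in the chain.
public class ChainRootCheck {

    // A Root names itself as issuer and its signature verifies under its own key.
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (Exception e) {
            return false; // same name, but signed by a different key
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java ChainRootCheck <keystore.jks>");
            System.exit(2);
        }
        // Without a console the password is null and the integrity check is skipped.
        char[] pw = System.console() == null ? null
                : System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw);
        }
        boolean found = false;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias); // null for trusted-cert entries
            if (chain == null) continue;
            for (int i = 0; i < chain.length; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                boolean selfSigned = isSelfSigned(c);
                found |= selfSigned;
                System.out.printf("%s [%d] %s%s%n", alias, i,
                        c.getSubjectX500Principal().getName(),
                        selfSigned ? "  <-- self-signed" : "");
            }
        }
        System.exit(found ? 1 : 0);
    }
}
```

Exit status 1 means a self-signed certificate is still present in a chain; after step 3 the expected result is exit status 0 with only the Server and Intermediate certificates listed.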
