SSL Root Certificate causing issues with Slingshot

SSL Root Certificate causing issues with Slingshot

Issue:

When trying to run a Slingshot webApp on a workstation, the Slingshot utility gives the following error:

Error:
"Problem found with the Secure Sockets Layer(SSL) certificate sent by the server.  Please note that self-signed certificates cannot be used."


Solution:

Most likely, the JKS keystore used by Unified Workspace contains the full SSL Certificate chain (server - intermediate - root). 



To provide increased security, devices only want to be given the server and intermediate certificates, to then link them to the root certificate contained within their own certificate stores.  When UW sends the root certificate as part of the certificate chain, the device uses the ones sent and therefore treating the certificate as a Self-Signed certificates.  It is therefore necessary to remove the Root certificate from the certificate chain, so that only the Server and Intermediate certificate remain.


(Check your certificate chain using the Digicert SSL Installation Diagnostics Tool.)


Use the following steps to remove the Root certificate from the JKS keystore:

  1. Open the keystore using KeyStore Explorer

  2. Right-click on the keypair and choose View Details > Certificate Chain Details.
    Verify the full certificate chain is there.  The full chain should include the Root, Intermediate, and Server certificates.  Depending on your CA, you might have multiple Intermediate certificates.

  3. Right-click on the keypair and choose Edit Cert Chain > Remove Certificate.
    This will remove the Root certificate from the chain, as some browsers interpret providing the certificate as being Self-signed if the root certificate is provided.

  4. Right-click on the keypair and choose View Details > Certificate Chain Details.
    Verify the certificate chain is there, minus the Root certificate.  The chain should include only the Intermediate, and Server certificates.  Depending on your CA, you might have multiple Intermediate certificates.

  5. Save keystore and copy to relay to test.

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Change Reset Password Button Text

        Change the text of the "Reset Password" button on the UW Login Page How to change the text of the Reset Password button on the Login Page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants ...
      • Remove Reset Password Button From Login Page

        Remove the Reset Password Button from the Login Page How to remove the Reset Password button from the Unified Workspace login page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants Expand ...
      • Lenovo Unified Workspace End-of-Life Questions and Answers

        As of January 31st 2024, Lenovo Unified Workspace (formerly Stoneware WebNetwork) is no longer supported. This means that we no longer provide licenses, downloads, updates, patches, or technical assistance for this product. If you have any questions ...
      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...
      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...
      • Related Articles

      • Convert PFX certificate to JKS keystore using KeyStore Explorer

        Issue: Can we import the wildcard SSL Certificate we already have on our IIS server(s)? Solution: Please see the following documentation on how to convert a PFX certificate, exported from an IIS server, to a Java JKS keystore. Once you have your new ...
      • Time Sync causing Cluster Issues

        Issue: The customer is having issues with the cluster going out of sync causing various issues. Examples: webRDP giving and Unknown Error Users unable to authenticate UW just running slowly in general Customer will rebuild the cluster, only to have ...
      • How do I renew my SSL certificate?

        This process is in 3 basic parts.  1 - Create the Keystore  2 - Generate the CSR  3 - Import the cert  The documentation below has several methods to complete this process. The first is a how to use a free Java gui tool called Portecle, the second is ...
      • webNetwork will not start because AD ssl certificate has expired

        Customer restarted webnetwork and now it won’t start. It gives errors like : FATAL (12/23) 11:19:23 [com.stoneware.service.DirectoryManager]: Unable to verify/extend schema. javax.naming.CommunicationException: simple bind failed: 192.168.1.41:636 ...
      • SSL certificate installation - part 1

        Problem: Need to create and add new wildcard SSL certificate to Unified Workspace server. Prerequisite(s): Download and install KeyStore Explorer tool on workstation Solution(s): Below instructions will walk you through process of creating a new ...