Initial things to check for:
- Needs TLS 1.2
Make sure the browser's internet settings and the Java Control Panel Advanced settings can use TLS 1.2. Vityl Monitor is defined to use TLS 1.2.
- SSL 2.0 ClientHello format is off
Check in the Java Control Panel that the Advanced setting Use SSL 2.0 compatible ClientHello format is off. Vityl Monitor does not use this format.
Clearing Certificate Errors
You may get a certificate error that displays in the Address area of the browser. These errors usually occur because we are using the self-signed certificate generated during the installation of Vityl Monitor.
- Use a certificate from a Trusted Authority
You can replace the certificate with one from a trusted authority, which should eliminate these errors. See the Vityl Monitor Installation Guide on how to do this.
- Need to create a Self Signed Certificate
- On the server where Vityl Monitor is installed, go to the directory where Vityl Monitor is installed.
- Check the conf directory to see if there is a .keystore file. You will need to use the -a option on the ls command for Linux systems.
- If a .keystore file is there, rename or remove the file.
- In the bin directory run the setup script with a -c option. For example,
setup.sh -c or setup.bat -c.
- This creates the .keystore file and inserts a self-signed certificate.
- Restart the Vityl Monitor application server to use the certificate.
- Use the correct host name in the URL
One of the errors may occur because you are not using the same host name in the URL address that the certificate is signed for. On Internet Explorer, verify the host name to use by looking at the certificate. To see the host name, click the Certificate Error area and select to View the certificate. Use the Certification Path as the name.
- Save the certificate in the Trusted Root Certification Authorities store
An error you might get when connecting to a server using self-signed certificates is they are not trusted. You will need to Install the certificate into the Trusted Root Certification Authorities store.
- When viewing the certificate from the browser, click the Install Certificate button on the General tab.
- Select to install for the Current User. If you want to install it for all users of the machine, select to install on the Local Machine. You will need Administrator privileges to do this. Click Next.
- Select Place all certificates in the following store. Select Browse and Trusted Root Certification Authorities. Click OK. Click Next. Click Finish.
- You may be prompted to make sure you want to install this un-validated certificate into the Trusted store. Click Yes. It should tell you the import was successful. Click OK.
- You may need to close the browser and all open windows and restart the machine to apply the new settings to the browser.
Java Certificate Errors
You may get errors because the certificate isn't trusted by Java.
Load a certificate into Java store
- Get a certificate from the browser store
- From a browser, open Internet Options.
- Locate where to open and see the browsers certificates. On Internet Explorer, the certificates are available from the Certificates button on the Content tab in the Internet Options dialog.
- Select to see the Trusted Root Certification Authorities list.
- Scroll through the list until you find the certificate for the host you are accessing and select it.
- Click Export.
- Click Next and choose to export a .cer formatted file. On Internet Explorer, select the DER encoded. Click Next.
- Click Browse and select a directory to save the file to. Rename the file (such as teamquest.cer). Click Save.
- Click Next to get the confirmation screen. Click Finish.
- Import certificate into Java store
- Open the Java Control Panel.
- Click the Security tab.
- Click the Manager Certificates button.
- Select the Certificate type of Trusted Certificates.
- Click Import.
- Switch to the directory where you saved the teamquest.cer file.
- Click All Files.
- Locate and select the .cer file. Click Open.
- The certificate is now loaded into the Java Certificate store.
Java Settings Disabled
You may try to change some of your Java settings from the Control Panel and you find that the settings are set and disabled so that they can't be changed. This may occur because the Java that is installed locally is deployed by system IT or security people.
Changing the Java deployment.properties file
The deployed Java settings are stored in a deployment.properties file located at C:\windows\sun\java\deployment.
- Open the deployment.properties file with a text editor. You will need administrative access. Make changes to settings such as the TLS 1.2 or ClientHello settings and save your changes.
If none of the above has helped, turn on the Debugging options and turn on display of the Java Console from the Java Control Panel. If the following settings are disabled, see the section above about disabled settings.
- Open the Java Control Panel.
- Click the Advanced tab.
- In the Debugging section, check Enable tracing, Enable logging, and Show applet lifecycle exceptions.
- In the Java console section, select to Show the Console.
- Click OK or Apply to apply the changes.
- Run Vityl Monitor again and check the console window that opens to see if there are any error messages which might identify what is missing or is being blocked.