cancel
Showing results for 
Search instead for 
Did you mean: 

HTTPS (SSL) Interface needs pubilc key certified by CA?

Former Member
0 Kudos

Hello Colleagues!

We are working on a secure HTTPS (SSL) connection between an external

Client and our PI system. External System > PI ICM > PI SOAP Adapter.

Certificate configuration performed at Trast Manager (STRUSTSSO2).

During establish a local test connectivity via IE Browser we receive a

Security Popup Window with following information:

Revocation Information for the security certificate for this site is

not available. Do you want to proceed?

Under View Certificate you will see that the Certificate are not

trusted.

Text: This certificate cannot be verified up to a trusted certification

authority.

When I confirm the Security Alert Popup Window with Yes i get a second

Security Alert Popup Window with detail information's.

After confirm again with Yes test connectivity external client to PI

SOAP Adapter are successfully established.

Due to these manually confirmations automatic message processing aren't

possible.

From my point of view lies the root cause in the not trusted signed PI

Public Key.

Questions:

1. Do we have to trust our PI Public Key e.g. by VeriSign? (This wasn't performed up to now!)

2. Is a different option possible (without certified public key by CA/server self certified)?

Many thanks in advance!

Regards,

Jochen Schertel

Accepted Solutions (1)

Accepted Solutions (1)

Shabarish_Nair
Active Contributor
0 Kudos

>

> 1. Do we have to trust our PI Public Key e.g. by VeriSign? (This wasn't performed up to now!)

>

> 2. Is a different option possible (without certified public key by CA/server self certified)?

>

> Jochen Schertel

1. ideally, get the certificate signed by any verifying agency. Verisign is one of such agencies. I guess you can also get it self signed

2. Put the certificate under Trusted CAs keystore.

Former Member
0 Kudos

Many thanks Vijayakumar!

I have implement a self sign solution and this works fine but after reboot servers under "SSL server Standard" are red and during duple click on of them i receive following error:

Local PSE does not match database orginal (also posted as an addtional thread)

Do you know that behavior?

Many thanks in advance?

Regards,

Jochen

Answers (0)