Capital™ Unable to connect to Manager on a new multi-tier 2408 installation
Summary
The new 2408 client installer has additional dialogs regarding choices for secure setup. If these dialogs are skipped, ignoring the secure setup, the client connection will fail. It is not necessary to re-install the software. The client can be manually configured to work as a test environment setup with the out of the box (OOTB) self-signed SSL certificates OR with the company's production SSL certificates.
Details
The self-signed SSL certificates that are bundled with the installation are meant for testing purposes only.
The certificates do not work by default in a multi-tier setup. When running the installer, the dialog presented with the install wizard is in the form of a checkbox where you can agree to use our self-signed certificates. By default, the checkbox is not checked:
If you left the checkbox above unchecked and also skip the dialogs requesting the production keystore information, the clients will fail to connect to Manager.
You may manually enable the out-of-the-box certificates for a test environment as follows:
- Edit the <Install folder>\config\clientprops.xml file.
- Find the tlsconfig element and change the parameter useBundledSelfSignedCerts from "false" to "true"
Note: If you have performed a "Complete" installation on the server. That is, there are client applications also installed on the server machine. You will need to edit the clientprops.xml file that exists on the server as well.
For a production environment
In a production setup, it is highly recommended that you use your own SSL certificates from a valid, certifying authority. There are two new dialogs to setup production environment.
In the first one you may declare the keystore location path and the keystore password:
In the second dialog you have the option to select an existing file with the SSL certificate and provide its password.
If the information is not available at the time of the installation, and the installer dialogs above are skipped, you may add the information manually by editing the <Install folder>\config\CapitalIntegrationServerConfiguration.xml file.
Find the webserverconfig element and edit the parameters below with your company's keystore, keypassword, and password:
keystore
- The above given keystore is expected to contain the SSL certificates
- To import the certificates manually into the keystore you may use an open-source tool like keytool, keyway explorer.
- Example path: “<path>/keystore.jks”
keypassword and password
- These encrypted passwords must be generated using the CapitalUtility.exe, which is available in <Install folder>\bin\CapitalUtility.exe
- Example Keypassword: PW8eoHrXHm7ZAk4H7KJ/01fCSTeBXR0R4jLkiR1HP7U=
For more information see the Capital 2408 What's New document slides regarding "Enhanced security and ease of use for administration".