By: Nagarajan Viswanathan user 13 Mar 2015 at 12:21 p.m. CDT

1 Response
Dear Gluu support person,

I'm getting a certificate identity not verified error every time I access my Gluu server installation in a browser. I understand that this is because the certificate is not signed by a central CA. To get the corresponding CSR, I looked into the server.xml file of the Tomcat server that Gluu uses and found that the corresponding keystore and certificates are under shibIDP.* under etc/certs. But I also see that there are other keystores and certificates.

My question is: 1) To avoid this error in the browser, do I need to generate a CSR that is similar to the existing one (shibIDP.csr), get this signed by a central CA and import them into the corresponding key store? Do I need to replace files like shibIDP.csr, shibIDP.crt? What is the use of the other keystore and crt files that are there in etc/certs?

By Mohib Zico staff 13 Mar 2015 at 12:32 p.m. CDT

Hi Nagarajan,

Comments are inline below:

>> 1) To avoid this error in the browser do I need to generate a csr that is similar to the existing one(shibIDP.csr)

No.

>> get this signed by a central CA and import them into the corresponding key store?

Yes.

>> Do I need to replace files like shibIDP.csr, shibIDP.crt?

No.

>> What is the use of other keystore and crt files those are there in etc/certs?

* httpd.key and httpd.crt: these are for your Gluu Server's Apache cert.
* shibIDP.key and shibIDP.crt: these are for your Gluu Server's SAML part.

As you are getting a complaint from your browser, you need to apply the CA-signed cert in httpd.key and httpd.crt. Feel free to check [this](http://www.gluu.org/docs/admin-guide/certificates/) wiki. Let us know how it is going there.

Kind regards,
Zico
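
Added example, not part of the thread or of Gluu's documentation: a pre-install check for the httpd.key / httpd.crt pair discussed above, confirming that the CA-signed certificate belongs to the private key, is no longer self-signed, and has not expired. The function names are hypothetical, the file paths are passed in by the caller, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not Gluu's procedure): pre-install checks for a key/cert pair.
# Function names are hypothetical; paths are supplied by the caller.

# SHA-256 of the public key embedded in a certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Heuristic: subject == issuer means self-issued, which browsers reject
# unless the certificate itself is in their trust store.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# usage: check_pair <private key> <certificate>
check_pair() {
    if [ "$(key_pubkey_hash "$1")" != "$(cert_pubkey_hash "$2")" ]; then
        echo "MISMATCH"; return 1
    fi
    if is_self_signed "$2"; then echo "SELF_SIGNED"; return 2; fi
    if ! openssl x509 -in "$2" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED"; return 3
    fi
    echo "OK"
}

# Run as: sh check_pair.sh httpd.key httpd.crt
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

A `MISMATCH` result means the certificate was issued for a different key than the one supplied, which would stop Apache from starting with that pair.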