Click on images to see them in full screen
Certificate IssuesUntrusted Connection when connecting to Exchange
When connecting to Exchange, the connection may be refused if the SSL certificates used in Exchange were created internally.
In order to resolve this issue, the certificate used by your organisation needs to be imported to the Door Tablet jvm.
An error on the Door Tablet server may look like this:
HTTP JVM: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: No trusted certificate found
The trusted root certificates that signed the remote Exchange server's SSL certificate must also be trusted by the Door Tablet server's JVM if a Java application is making an SSL connection.
Resolving the problem
Add the trusted root certificates to the Door Tablet server certificate store.
Obtain the Certificate to be Imported
There are few ways to obtain the certificates you will need to install in the Door Tablet certificate store:
- Using your browser
- Using the certificate store on your PC
- Asking the CA that provided your organisation with the trusted root certificates
The first option may be faster but if the Door Tablet server is still unable to connect you will need to use the second option.
Obtain the certificate using a browser
Each browser displays certificates in different ways, but they are usually quite similar. On the browser's URL bar, there is usually a zone that you can click on to display SSL certificate information. For example, you may see a padlock in the status bar, and clicking on the padlock opens the certificate information. Once the certificate information is open, click on the "Certification Path". There will normally be a way to export each of the signing certificates (trusted roots). Export the certifiers in the "Base-64 encoded X.509 (.CER)" format. The exported file in this format will be an ASCII text file that has "BEGIN CERTIFICATE" and "END CERTIFICATE" lines at the top and bottom. Once you have exported the certificates that signed the remote server's SSL certificate you can import them into the JVM.
Open the Exchange server using a browser and click on the padlock, then "Certificate":
And save the certificate .CER file.
Obtain the certificate from your PC store
Follow these steps to obtain the trusted root certificate. Note:
you may require more than one certificate to enable connectivity.
- Start the console
- Type MMC
- Add a Snap-in
- Select certificates
- Once the certificates show, select each one that is specific to your organisation, and export it
Now, find your certificates and export these.
Export the certificates as shown in step 4 above.
Import the SSL certifier into the JVM
Import the SSL Certificate into the JVM using these steps:
1. Open a command line and change directory to C:\Door Tablet\jvm\bin
2. Run the batch file "IKEYMAN.exe" (the following Java application will load)
3. Click "Key Database File" then "Open"
4. Browse to C:\Door Tablet\jvm\lib\security\cacerts. Note:
you will have to view "All Files" to locate cacerts
5. Click OK
6. Type the default password of "changeit". Note:
consult your administrator if you receive an error pertaining to the password
7. Select "Signer Certificates" in the drop-down menu
8. Click "Add"
9. Select "Browse" and locate the .CER file you copied
10. Click "OK" and enter a descriptive label
Restart the Door Tablet HTTP task
On the console issue the command "restart task http".