1. White Star Software
  2. Advanced Alerting Configuration

SSL / Secure Socket Layer

SSL / Secure Socket Layer

Requirements

  • Progress formatted certificate file of ProTop`s portal to communicate with (ex: 2e5ac55d.0)
  • $DLC/bin/certutil -import ---- file generated in $DLC/certs

Configuration Steps

Unix

  1. Add to $PROTOP/bin/localenv (copy bin/localenv.x to bin/localenv if not present) :

    export USESSL=y

    Ex:

    USESSL=Y UNIX

  2. Add to $PROTOP/etc/[custId].pf:

    -certstorepath [PROTOPDIR]/certs

    Ex:

    CERTPATH

  3. Restart ProTop

Windows

  1. Add to %PROTOP%\bin\localenv.bat (copy bin\localenv.batx to bin\localenv.bat if not present):

    set USESSL=y

    Ex:

    WIN USESSL=y

  2. Add to %PROTOP%\etc\[custid].pf:

    -certstorepath [drive]:[PROTOPDIR]\certs

    Ex:

    WIN CERTSTOREPATH

  3. Restart ProTop

Troubleshooting

Set ProTop debug level to 5 using pt3agent.[resrc].dbg in Protop’s tmp directory and restart Protop

cd [PROTOPDIR]/tmp
echo 5 > pt3agent.proddb.dbg

Check in ProTop’s log directory for pt3agent.[resrc].log file for error messages.

Common problem:

Can’t find issuer certificate:

2020/08/06 22:50:28.790-04:00 0 Secure Socket Layer (SSL) failure. error code -54: unable to get local issuer certificate: for xxxxxxxx.0 in <path>/certs (9318)
2020/08/06 22:50:28.791-04:00 9407 Connection failure for host <dashboard> port 443 transport TCP. (9407)
2020/08/06 22:50:28.791-04:00 newSocket: Connection to HTTP server: <dashboard> port 443 is unavailable.

Solution:

  1. Ensure certificate file exists in [path]/certs and has the required permissions
  2. Make sure -certstorepath [path to certificate] is valid in [PROTOPDIR]/etc/[custid].pf
  3. If the portal uses more than one certificate, you need to have all the portal’s certificates in ProTop’s certs directory