Expiring Certificate for Dimensions CM on 13 June 2015 if you are using Dimensions CM SSO Server with CAC or SmartCard enabled



ID:    A66
Published:    28 May 2015
Updated:    12 June 2015

Product(s)

  • Dimensions CM
 

Description

If your installation satisfies all of the conditions below, a certificate is due to expire on 13 June 2015, after which you will be unable to log on to the Web Client or Admin Console using the SmartCard login button.

  •  Dimensions CM release is lower than 14.1.0.4
  •  SSO with CAC or SmartCard is being used (only affects the Dimensions CM SSO Server)
  •  Default Certificates are being used

Self-Check

You will only see messages concerning certificate expiration if the Dimensions CM server is configured to use SSO with CAC or SmartCard enabled.  The simplest way to check this is to look for the following variables in the Dimensions CM server dm.cfg file.

DM_AUTH_TYPE_DBS   SSO
SSO_SERVER_CERTIFICATE  %DM_DFS%cm.pem

If these two variables are present then SSO with CAC or SmartCard enablement is in place.

Note:  If you are using SSO only, no further action is needed.  If you are using the SBM SSO Server, no further action is needed.

If both variables are present, check the expiry date of the existing certificate as follows.

From a command prompt on the Tomcat Server, do the following:

a. Set your PATH variable to find the keytool command:

set path=%PATH%;[Tomcat Install Dir]\common\jre\7.0\bin

Note: For Dimensions 12.2.x and earlier, the JRE version is 6.0.  If you are on a UNIX or Linux server, use forward slashes and replace the JRE directory path with:
../../java/OperatingSystem/jre  (e.g. ../../java/solaris/jre)

b. Change to the directory $Tomcat\webapps\ALFSSOLogin\WEB-INF\conf (e.g. C:\Program Files\Serena\Common\Tomcat\7.0\webapps\ALFSSOLogin\WEB-INF\conf or C:\Program Files\Common Tools\Tomcat\6.0\webapps\ALFSSOLogin\WEB-INF\conf).
c. Now, run the following command to check the current expiration date of the certificates:

keytool -list -alias fedsrv -keystore keystore.jks -storepass changeit -v

This displays the details of the certificate.  Look for the line beginning "Valid from:"; the date after "until:" is the expiry date. For example:

Valid from: Mon Jun 14 12:22:32 PDT 2010 until: Sat Jun 13 12:22:32 PDT 2015
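
The self-check above can be scripted so the expiry date is compared against a warning window instead of being read by eye. The following is an added example, not Serena's code: it assumes the dm.cfg contents and the English-locale output of the keytool command have been captured as text, the function names and the 30-day window are hypothetical, and it does not check the Dimensions CM release or whether the default certificates are in use.

```python
import re
from datetime import datetime

# Constructed sample inputs, modelled on the lines quoted in this alert.
SAMPLE_DM_CFG = "DM_AUTH_TYPE_DBS   SSO\nSSO_SERVER_CERTIFICATE  %DM_DFS%cm.pem\n"
SAMPLE_KEYTOOL = (
    "Alias name: fedsrv\n"
    "Valid from: Mon Jun 14 12:22:32 PDT 2010 until: Sat Jun 13 12:22:32 PDT 2015\n"
)

def smartcard_sso_configured(dm_cfg_text):
    """True when both dm.cfg variables named in the alert are present."""
    settings = {}
    for line in dm_cfg_text.splitlines():
        parts = line.split(None, 1)  # variable name, then its value
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return (settings.get("DM_AUTH_TYPE_DBS", "").upper() == "SSO"
            and "SSO_SERVER_CERTIFICATE" in settings)

def cert_not_after(keytool_text):
    """Expiry ('until:') of the first 'Valid from' line, or None if absent."""
    m = re.search(r"^[ \t]*Valid from: .*? until: (.+)$", keytool_text, re.MULTILINE)
    tokens = m.group(1).split() if m else []
    if len(tokens) != 6:
        return None
    # Drop the zone abbreviation ('PDT'); strptime cannot parse it reliably,
    # so the result is a naive timestamp in the zone keytool printed.
    del tokens[4]
    return datetime.strptime(" ".join(tokens), "%a %b %d %H:%M:%S %Y")

def self_check(dm_cfg_text, keytool_text, now, warn_days=30):
    """Classify the install: not configured, ok, expiring or expired."""
    if not smartcard_sso_configured(dm_cfg_text):
        return "sso-smartcard-not-configured"
    not_after = cert_not_after(keytool_text)
    if not_after is None:
        raise ValueError("no 'Valid from ... until:' line in keytool output")
    days_left = (not_after - now).days
    if days_left < 0:
        return "expired"
    return "expiring" if days_left <= warn_days else "ok"

if __name__ == "__main__":
    print(self_check(SAMPLE_DM_CFG, SAMPLE_KEYTOOL, datetime.now()))
```

Because the zone abbreviation is discarded, treat the result as accurate to the day rather than to the hour.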

 

Please go to Knowledgebase Solution S141178 for details on how to generate a new certificate and import it into the existing keystores.