Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.

The public Key certifcate retrieved from server (------) is not recognized as originating from

Avatar

Level 2

Hi there,

We are using SSL for adminui and everything is working fine. I tried to use SSL for workbench and changed the profile setting in the connection to use protocol "Simple Object Access Protocol (SOAP/HTTs) with Server Port Number:8443 and I did add the certificate to the store per documentation and am still getting the error "The public key certificate retrieved from server (--------) is not recognized as originating from a trusted source. Check with your system administrator for instructions on configuring Workbench to accept this certificate.

Thanks

Workbench ES3

18 Replies

Avatar

Level 2

I did that doc word for word (Even several times) and workbench is not allowing me to connect from my workstation but it works using HTTPS on the server itself.

Thanks

Avatar

Employee Advisor

Point to be noted : Ensure that you connect to HTTPS by using the name that is specified in the certificate. This name is typically the fully qualified host name.

Avatar

Level 2

The name specified in the cert is the host name only and not the full qualified domain name. Does it really have to be the FQDN instead.?

Avatar

Employee Advisor

In server settings(Workbench), you should provide the hostname as there in your certificate(i.e. hostname + domain).

Avatar

Level 2

Everything matches. Cert is hostname and the server settings(Workbench) is hostname as well.

Avatar

Employee Advisor

Check whether certificate has been imported inside cacerts keystore successfully, use keytool -list -keystore <Path to cacerts> | more

Avatar

Level 2

it looks like it did.

Keystore type: JKS

Keystore provider: SUN

Your keystore contains 1 entry

ServerName, Jun 5, 2013, trustedCertEntry,

Certificate fingerprint (MD5): (Entry)

Avatar

Employee Advisor

Could u plz confirm the path to cacerts ? Bcz there are many trusted certificate already present by default but u have only one entry !!

Avatar

Level 2

E:\Program Files (x86)\Adobe LiveCycle Workbench ES3\workbench\jre\lib\security

Avatar

Level 2

Does it matter whether the certifcate is for HOST name and the FQDN?

Thanks

Avatar

Level 2

I already did that and still doesn't work. Thanks

Avatar

Level 1

Hi,

You can try the below steps if you are using jBoss app server.

1.Open the secured adminui url (https://localhost:8443/adminui/) in the browser (ie explorer) .

2.It will give you the certificate error. Import that certificate by going to detail tab -> copy to file-> next-> select option DER encoded binary x.509 .cer

3. Save the above cert file to your local machine where workbench is installed.

4.Now run the below command

5.keytool -import -file “path of the above cert file on your machine including the cert name" -keystore "C:\Program Files (x86)\Adobe LiveCycle Workbench ES4\workbench\jre\lib\security\cacerts"

6.it will ask for password , which is changeit

7.it will ask if you trust this certificate , type Y then enter

8.Now your secured https certificate is imported to the cacerts file present in the security folder of workbench.

9.Restart the workbench, and before logging , configure the workbench login portal by providing below details

a)Hostname: localhost

b)Protocol : select the secured one (soap/https)

c)Port number will be : 8443 (for jBoss)

10. Try logging.

Avatar

Level 2

I know this is old, but I have tried all the steps in this thread, plus rebooting my workstation, and I am having the same problem. Has anyone found a solution to this problem?

Thanks

Avatar

Level 2

In case anyone ever runs into this problem in the future, the solution for me was to delete the jre folder within the workbench folder, and replace it with the latest jre downloaded straight from Oracle. Then I imported the certificate into the cacerts file. Originally I had installed java through the workbench interface, but it seems like it may have been using an old version. Hope this helps someone.

Avatar

Level 1

Sorry to bump this old thread, but I am also  having this issue.   I have:

- followed the steps to import the certificate into the cacerts used by workbench

- ensured i used the FQDN in workbench properties that match certificate

- restarted system

- no luck

- replaced entire jre folder in workbench path as suggested above

- re-imported the certs

-restarted system

- still no luck

Browser access over https works just fine.   I'm stuck here.   Any other ideas from anyone?

Avatar

Level 1

Did you obtain a solution to the issue regarding the public key certificate and launching Workbench as https.  I am also getting the same error and have tried all steps on the forum.