Failure to Install Certification for Mods Due to Untrusted Signers in Spotfire
Article ID: KB0070042
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | All supported versions |
Description
Description:
When attempting to add a certificate for Mods on the admin page, users encounter errors such as "The trust action could not be persisted on the server" and error code 404, which indicates an "invalid_certificate_path."
The following error messages are also displayed:
--------------------------------------------------------------------------------------------------------
codetrust.error.TrustExceptionController: An error occurred while processing the trust request
com.spotfire.rs.security.codetrust.error.TrustException: Error verifying the certificate path
at com.spotfire.server.security.codetrust.CodeTrustManager.validateCertificate(CodeTrustManager.java:1549) ~[spotfire-server.jar:?]
at com.spotfire.server.security.codetrust.CodeTrustManager.addExternalCertificate(CodeTrustManager.java:1581) ~[spotfire-server.jar:?]
--------------------------------------------------------------------------------------------------------
When attempting to add a certificate for Mods on the admin page, users encounter errors such as "The trust action could not be persisted on the server" and error code 404, which indicates an "invalid_certificate_path."
The following error messages are also displayed:
--------------------------------------------------------------------------------------------------------
codetrust.error.TrustExceptionController: An error occurred while processing the trust request
com.spotfire.rs.security.codetrust.error.TrustException: Error verifying the certificate path
at com.spotfire.server.security.codetrust.CodeTrustManager.validateCertificate(CodeTrustManager.java:1549) ~[spotfire-server.jar:?]
at com.spotfire.server.security.codetrust.CodeTrustManager.addExternalCertificate(CodeTrustManager.java:1581) ~[spotfire-server.jar:?]
--------------------------------------------------------------------------------------------------------
Issue/Introduction
Users encounter an error when installing a certificate for Mods, with the message "The trust action could not be persisted on the server" and error code 404, indicating an "invalid_certificate_path." Steps suggested to resolve the issue.
Environment
All supported operating systems
Resolution
To resolve this issue, follow these steps:
1. Log into Spotfire Server and open the Command Prompt.
2. Navigate to the directory: <tss server installation>/tomcat/spotfire-bin
3. Run the command: config.bat export-config -f
Enter the "Tool Password" that you created when setting up the Spotfire server.
This command exports the Spotfire Server configuration file (configuration.xml).
4. Execute: config.bat set-config-prop --name="security.code-trust.validate-uploaded-cert" --value="false"
5. Run config.bat import-config -c "<RandomName>"
Enter the "Tool Password" again when prompted.
6. Restart the Spotfire server to apply the changes.
7. Open Spotfire Analyst and login with Admin credentials.
8. Open the report file, add the Mod, and set it to "Always trust mods signed by 'TIBCO Software Inc.'" to check if the Mod can be trusted. Save the file to the Library.
9. In the Admin UI, navigate to Users & Groups > "Everyone" group > Trusted Signers > Add Certificates > From Library > Select "TIBCO Software Inc."
10. Access the saved Library file with the Mod on the Web Player, using different user IDs, to verify that the issue is resolved.
1. Log into Spotfire Server and open the Command Prompt.
2. Navigate to the directory: <tss server installation>/tomcat/spotfire-bin
3. Run the command: config.bat export-config -f
Enter the "Tool Password" that you created when setting up the Spotfire server.
This command exports the Spotfire Server configuration file (configuration.xml).
4. Execute: config.bat set-config-prop --name="security.code-trust.validate-uploaded-cert" --value="false"
5. Run config.bat import-config -c "<RandomName>"
Enter the "Tool Password" again when prompted.
6. Restart the Spotfire server to apply the changes.
7. Open Spotfire Analyst and login with Admin credentials.
8. Open the report file, add the Mod, and set it to "Always trust mods signed by 'TIBCO Software Inc.'" to check if the Mod can be trusted. Save the file to the Library.
9. In the Admin UI, navigate to Users & Groups > "Everyone" group > Trusted Signers > Add Certificates > From Library > Select "TIBCO Software Inc."
10. Access the saved Library file with the Mod on the Web Player, using different user IDs, to verify that the issue is resolved.
Feedback
Yes
No
Powered by
