Adding the provided or a custom CA to Kiuwan on premises clients

The Kiuwan on Premises installer tool provides default certificates for the default host name, signed by a supplied CA (Certificate Authority).

The CA public certificate is provided in this file:

  • [INSTALL_DIR]/ssl/ca/cacert.pem

If you choose to sign your domain's certificate with the provided CA, with a new CA created using kiuwan-certool.sh, or with your own CA, internet browsers and other clients accessing your Kiuwan on premises installation will not recognize it as a trusted CA by default. You will get error messages like this one:

Your connection is not private
Attackers might be trying to steal your information from kiuwan.onpremise.local (for example, passwords, messages, or credit cards).
NET::ERR_CERT_AUTHORITY_INVALID

This is the expected behavior as the CA store that your browser or client uses will not contain your own CA or the one supplied along with kiuwan-cluster.

To make your browser trust the supplied certificates, you will need to add this CA to your browser and to the Java clients that access your Kiuwan on premises installation:

  • Firefox, Chrome, Edge: import cacert.pem by using the tools provided by the browsers.
  • Java clients (Kiuwan for developers Eclipse, Kiuwan for developers JetBrains, Jenkins, KLA, etc): add the provided cacert.pem to the JRE keystore used by the client. Please refer to the official documentation of your JRE distribution for details on the Java keytool program.
  • Windows clients (Kiuwan for developers VisualStudio): import cacert.pem by using the tools provided by Windows (certmgr.msc).
  • Multiplatform clients (Kiuwan for developers VisualStudioCode): import cacert.pem by using the tools provided by your OS.
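
For the Java clients step, the following is an added example (not part of the Kiuwan documentation or tooling) that checks cacert.pem before importing it into a Java truststore. It assumes openssl and keytool are on the PATH; the alias kiuwan-onprem-ca and the TRUSTSTORE_PASS environment variable are illustrative names.

```bash
#!/bin/sh
# Added example (not Kiuwan's code): vet cacert.pem, then import it into a Java truststore.
# Assumptions: openssl and keytool are on PATH; the alias "kiuwan-onprem-ca" and the
# TRUSTSTORE_PASS environment variable are illustrative names.

# SHA-256 fingerprint, to compare with the value your Kiuwan administrator
# gives you over a separate channel before you trust the file.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only for an unexpired certificate that is marked as a CA.
ca_is_usable() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' || return 1
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# import_ca_java <cacert.pem> <truststore>
# keytool prints the certificate and asks for confirmation before adding it.
# The truststore password is read from the environment, not the command line,
# so it does not show up in the process list.
import_ca_java() {
    ca_is_usable "$1" || { echo "refusing: $1 is not an unexpired CA certificate" >&2; return 1; }
    keytool -importcert -trustcacerts -alias kiuwan-onprem-ca \
        -file "$1" -keystore "$2" -storepass:env TRUSTSTORE_PASS
}

# Runs only when called with arguments, e.g.:
#   TRUSTSTORE_PASS=... ./trust-ca.sh [INSTALL_DIR]/ssl/ca/cacert.pem /path/to/truststore
if [ "$#" -ge 2 ]; then
    echo "SHA-256 fingerprint: $(ca_fingerprint "$1")"
    import_ca_java "$1" "$2"
fi
```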