- Problem Description:
- Cause:
- The SSL certificate installed on the ColosseumRBS server is found to be invalid
- The SSL certificate installed on the ColosseumRBS server has expired
- The SSL certificate installed on the ColosseumRBS server is a self-signed certificate
- The SSL certificate installed on the ColosseumRBS server is not signed by a Java trusted root Certificate Authority
- A Wildcard SSL certificate has been installed on the ColosseumRBS server (applies to ColosseumSBC / ColosseumPBC version prior to 5.2.7.0 only)
- The hostname setting on the ColosseumSBC console does not match up with the hostname which the SSL certificate is issued to
- ColosseumSBC is installed on an OS platform that is bundled with an older version of Java
- Resolution:
ColosseumSBC / ColosseumPBC cannot connect to a ColosseumRBS server via the HTTPS protocol. Upon further investigation, the backup job that is scheduled to be run is also not running.
A security patch has been introduced in ColosseumSBC / ColosseumPBC version 5.2.6.3 to assure that the SSL certificate is validated.
Thus, if the HTTPS protocol is selected, and one of the following conditionsare met. The connection to the corresponding ColosseumRBS server will not be allowed:
Thus, if the HTTPS protocol is selected, and one of the following conditionsare met. The connection to the corresponding ColosseumRBS server will not be allowed:
Since the cacerts file (located in %JAVA_PATH%/lib/security) has not been updated with the current list of Certificate Authority (CA), hence a newer CA may not have existed when these versions of Java were released.
Please connect to the ColosseumRBS server using the server hostname instead of server IP.
Ensure that the SSL certificate installed on the ColosseumRBS server is valid, and not expired.
Verify if the backup server hostname entered on the ColosseumSBC console does match up with the hostname which the SSL certificate is issued to. Please pay close attention to the case of the hostname, as the setting is case sensitive.
In the cases where the SSL certificate installed is a self-signed certificate, please update the cacerts file on the affected machine to resolve the issue.
In the cases where the SSL certificate installed on the ColosseumRBS server is not signed by a Java trusted root Certificate Authority, please update the cacerts file on the affected machine to resolve the issue.
In the cases where a Wildcard SSL certificate has been installed on the ColosseumRBS server, please patch the ColosseumSBC / ColosseumPBC software to the latest hot-fix release.
In the cases where ColosseumSBC is installed on an OS platform which utilizes an older version of Java, please follow the instructions as follow:
1. Download the updated cacerts file
2. Stop the ColosseumSBC scheduler and AUA services
3. Rename the current %JAVA_PATH%/lib/security/cacerts file to %JAVA_PATH%/lib/security/cacerts.old
4. Extract the download cacerts file to the %JAVA_PATH%/lib/security directory
Ensure that the SSL certificate installed on the ColosseumRBS server is valid, and not expired.
Verify if the backup server hostname entered on the ColosseumSBC console does match up with the hostname which the SSL certificate is issued to. Please pay close attention to the case of the hostname, as the setting is case sensitive.
In the cases where the SSL certificate installed is a self-signed certificate, please update the cacerts file on the affected machine to resolve the issue.
In the cases where the SSL certificate installed on the ColosseumRBS server is not signed by a Java trusted root Certificate Authority, please update the cacerts file on the affected machine to resolve the issue.
In the cases where a Wildcard SSL certificate has been installed on the ColosseumRBS server, please patch the ColosseumSBC / ColosseumPBC software to the latest hot-fix release.
In the cases where ColosseumSBC is installed on an OS platform which utilizes an older version of Java, please follow the instructions as follow:
1. Download the updated cacerts file
2. Stop the ColosseumSBC scheduler and AUA services
3. Rename the current %JAVA_PATH%/lib/security/cacerts file to %JAVA_PATH%/lib/security/cacerts.old
4. Extract the download cacerts file to the %JAVA_PATH%/lib/security directory