|Applies To||RSA Product Set: Archer|
RSA Version/Condition: 6.0
|Issue||Important: This KB article applies specifically to Archer version 6.0 only because this is the only version of Archer that uses Java for Advanced Workflow. This KB cannot be used to resolve similar issues with Archer Version 6.1 or newer, or any versions prior to 6.0.|
While SSL is enabled, the following error is received when trying to add a workflow to an application:
2015-11-20 20:20:23,885 WARN [wp.utils.WpUtils] (default task-21) java.lang.RuntimeException:
|Cause||When Archer 6.0 is configured to use SSL, the certificate chain for the HTTPS/SSL certificate used by IIS must exist in the Java Keystore.|
If it is not, the Advanced Workflow will not work. This is because a trust relationship cannot be created between the API request and the Workpoint service.
Configuring Java to use your Root CA Certificate with SSL in Archer 6.0
When Archer 6.0 is configured to use SSL, your certificate chain for the HTTPS/SSL certificate used by IIS must exist in the Java Keystore. If it is not, the Advanced Workflow will not work.
This is because a trust relationship cannot be created between the API request and the Workpoint service.
Exporting the Certificate:
For *EACH* Certificate listed in the certificate path
1. Click "View Certificate" if it isn't the currently open certificate
2. Details Tab
3. Click "Copy to File..."
4. Select "No, do not export the private key"
5. Select "DER encoded binary X.509 (.CER)
6. Name the file after the certificate and save it to a location
7. IMPORTANT: Repeat steps 1 through 6 for each certificate in the certificate path of the certificate that is currently being used by IIS for HTTPS/SSL. This will result in either 1, or many .CER files. All of which need to be imported into the Java Keystore.
NOTE: This is tool is a free open source tool and is not affiliated with RSA in any way.
NOTE: When you open this the first time, you may be required to install a Java extension.
NOTE: In a default installation of Java, this file can be found in “C:/Program Files/Java/<Install Version>/lib/security/cacerts”.
IMPORTANT: Repeat the above importing process for each certificate that you exported from IIS above. You can have anywhere from 1 to many certificates to import.
Important: If you do not save, the import will not commit.