Default Certificate Authority / SSL
Mon, 2007-07-30 23:15 — gccportal
Good day to all Guru's and Geniuses of LUMDEV!
Does anybody have an idea how to enable or disable the default certificate authority of Luminis 3.x?
TouchNet will house our payments so the scenario right now on our server is this: We need to either disable SunGard's Default CA/SSL or enable it so we can avoid the pop-up question asking if we're gonna accept or reject the certificate.
Any help is appreciated.
Thanks again.
Rich
- gccportal's blog
- Login or register to post comments
Hack Your Knowledge
Recent blog posts
- Banner w/ Bursar Consultant Needed
- A different MOWA problem
- Passing user's displayName to php script
- Stats - Anyone satistified with their solutions
- Turing Off Luminis IV Cache
- Banner-Luminis-WebCT integration
- Trying to use a cpip with javascript
- Updated to 4.1.22 - Complications
- Time Estimate for Luminis Platform IV Upgrade
- Luminis IV Memory Configuration
Developer Links
Poll
What version of Luminis are you on (Production)?
Luminis III.3.3.x
54%
Luminis 4.0.x
23%
Luminis 4.1.0.x
16%
Luminis 4.x
7%
Luminis 5+
0%
NONE : We ditched Luminis for static HTML! (it was more functional and doesn't crash)
0%
Total votes: 57
Syndicate
Comments
Similiar issue
We have not had success in replacing the SSL cert for Luminis, when we follow the instructions provided and delete the tomcat alias, generate new key, do certreq, adn then import the certs from Verisign for testing, Luminis will nto load the login page at all, gives DNS issue, even though if I got back and follow the exact same steps to create a self signed cert, it works, but I get the annoying pop-up as well.
I had a similar problem Rich
Hello Rich,
We at USD had a similar problem and we were using 3.3.3.79. I am attaching the SR number (search for this in connect.sungardhe.com). You can check the proceedings/conversations and may be you can find an answer. If not, please feel free to email me at shiva@sandiego.edu
SR number = 1-110397591
To the best of my knowledge you cannot disable a security certificate. Sungard's default certificate is good for 30 days (dependig on your contract). After that you will have to buy another certificate and replace the default sungard certificate with the new one that you bought. The SR number above explains in detail the problems that i had to go through in requesting a new security certificate installing it on the server and making that pop up disapper.
I have installed security certificates from COMODO and VERISIGN - one on our testbox and the other on the production box. Let me know where exactly are you facing the problem and i might be able to figure out the problem.
Thanks,
-Shiva
Thanks
Hi Shiva,
thanks for the information, I guess the college does not have immediate plans to purchase CA as of this time, but would appreciate how you implemented COMODO/VERISIGN.
xs:
Wasn't able to pull-out the topics@CSC for the service number you posted.
Rich
Security Certificates
Hi Shiva,
It is possible to ask the procedure or documentation how you implemented the verisign/comodo security certificates? Our college is looking into it right now and in about 45 days we will be going live in credit card payment.
I was task to do the same thing. test installation on our test box and if successful on the production box.
Any help would be appreciated. Our platform is W2K and W2K3.
Thanks again.
Rich
Does the popup say that the
Does the popup say that the SSL certificate is from an untrusted authority? If you self-signed the cert then I presume this is the error you are getting and that will not go away until you trust the CA for the server you used to do the self signing.
If you've created an internal CA (certificate authority) for the school so you can sign SSL certs for whatever reason then it would be a good idea to post the CA cert so that users can download that into their trusted system and then the popups will go away that relate to this particular problem.
If the popup indicates a different error - expired date, for example, or different hostname - then you have to fix it differently relating to that particular error.
The key is to know why you are getting the popup that asks if you are going to accept or reject the cert.
CA not trusted
Hi cfont,
Exactly the problem, do you have an idea where to disable it for now and/or permanently disable it. I'm thinking on the IIS portion (OS is using windows 2kpro)?
Any help is very much appreciated.
Rich
lets make sure you want to do this
:-) since i'm not quite sure where Touchnet comes into play in this scenario i'd like to ask a few more questions before i try to tell you how to turn off ssl... if you don't mind.
at the school i just left we hosted our own version of the touchnet payment software until recently when we switched to hosting it at touchnet. sounds like this is what you are doing. but, because you threw in IIS i'm also confused because I think that the touchnet payment gateway system runs on a tomcat instance but not sure; and, i thought luminis runs on a sun web server instance even in windows environment (i ran it on solaris so i'm not familiar with running it on windows). so, if that is correct, when in this process do you get the ssl pop-up error?
1) go to luminis login page
2) enter creds and submit
3) authn and authz happen
4) luminis tabs and channels display
5) navigate to channel/link that points to touchnet system
6) click link to touchnet
7) iframe displays with touchnet in bottom portion (this is where it matters if your problem is happening on local touchnet system or hosted system)
8) navigate and do whatever you do on touchnet system
9) pay with credit card
10) finish process with touchnet system
11) return to luminis tab
blah blah blah
the reason i'm asking the longer question is because you manage ssl differently, of course, in all these systems and i think you run into problems with Luminis if you try to not use SSL for login. and, if the problem is from the touchnet system then it may mean you have to modify the SSO properties if those are in place, or, if it is from the remotely hosted touchnet system then you probably can't do anything about it without working with them.
ok?
CA
Thanks for the reply. You guys are great on this topic.
The college is looking into purchasing the SSL now. Your response are duly noted and appreciated.
Thanks again cfont
Rich