
Internal documentation only

This page has been marked as draft.

Using Gateway Hub SSO with "Self-Signed" Certificates

If you have a Gateway Hub set up with self-signed certificates, how do you connect from the Active Console?

You must add the trust-chain.pem certificate chain file from the Hub installation’s tls directory so that the Active Console can trust the connection to the Hub SSO interface. To do this you must add the certificate chain to the Java cacerts file in the Active Console’s JRE subdirectory.

The following steps apply to the Windows Active Console, but you can adapt them to the Ubuntu or Mac versions using the equivalent local commands.

  1. Fetch the trust-chain.pem file from the Hub installation. You can do this in a number of ways, including cut and paste, as the contents are encoded plain text. You can also use a program such as WinSCP or a command-line SSH client.
  2. Open a PowerShell or Command Prompt window and navigate to the Active Console installation directory.
  3. Run the following command, adapting the PATH-TO as required.

     .\JRE\bin\keytool.exe -importcert -alias GWHub -keystore .\JRE\lib\security\cacerts -file [PATH-TO]\trust-chain.pem

Note

The alias GWHub is chosen so that it does not clash with any other certificate chains in the file; it does not need to be anything specific to your installation.

When prompted for a password, use the default Java changeit (no quotes) unless you have changed it, which itself is a special case and becomes an exercise for the reader. You should not change this password in normal circumstances, as other things will fail.

  4. Restart the Active Console to reload Java and the new cacerts file.
  5. Add the top level Hub URL to the Tools > Setting > Advanced > SSO Agent URL.
  6. Try the SSO Login button and it should now work as expected.
  7. Reconnect your Active Console to your Gateway with SSO enabled.
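
The keytool import step above, wrapped with the checks you would want before adding a trust anchor to cacerts: inspect what is in the file, back up the keystore, import, then confirm the entry. This is an added example, not part of the original page or the product documentation; the $ChainFile path is a placeholder and the backup file name is an assumption.

```powershell
# Added example. Run from the Active Console installation directory.
# If that directory is write-protected, use an elevated prompt.
$Keytool   = '.\JRE\bin\keytool.exe'
$Cacerts   = '.\JRE\lib\security\cacerts'
$ChainFile = 'C:\PATH-TO\trust-chain.pem'   # placeholder: where you saved the file
$Alias     = 'GWHub'
$StorePass = 'changeit'                     # default Java keystore password

if (-not (Test-Path $ChainFile)) { throw "Chain file not found: $ChainFile" }

# 1. Show owner, issuer, validity and fingerprints for each certificate in the
#    file. Compare the SHA-256 fingerprints with the copy on the Hub server
#    before trusting it. Certificate fingerprints survive a cut-and-paste
#    transfer; a whole-file hash may not, because line endings can change.
& $Keytool -printcert -file $ChainFile
if ($LASTEXITCODE -ne 0) { throw 'keytool could not parse the chain file' }

# 2. Stop if the alias is already in use, so an existing entry is never
#    silently confused with the new one. keytool exits non-zero when the
#    alias does not exist.
& $Keytool -list -alias $Alias -keystore $Cacerts -storepass $StorePass | Out-Null
if ($LASTEXITCODE -eq 0) { throw "Alias $Alias already exists in $Cacerts" }

# 3. Keep a timestamped copy of cacerts so the change can be rolled back.
$Backup = "${Cacerts}.bak-$(Get-Date -Format 'yyyyMMddHHmmss')"
Copy-Item -Path $Cacerts -Destination $Backup
Write-Host "Backed up cacerts to $Backup"

# 4. Import. -noprompt is deliberately omitted: keytool displays the
#    certificate and asks for confirmation before trusting it.
& $Keytool -importcert -alias $Alias -keystore $Cacerts -storepass $StorePass -file $ChainFile
if ($LASTEXITCODE -ne 0) { throw "Import failed; restore $Backup if cacerts was modified" }

# 5. Confirm what was stored under the alias and check that the fingerprint
#    matches the one you verified in step 1.
& $Keytool -list -v -alias $Alias -keystore $Cacerts -storepass $StorePass
```

To roll back, copy the backup file over cacerts, or remove the entry with `keytool -delete -alias GWHub`, and restart the Active Console.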