Cybersecurity
DevOps Cloud
IT Operations Cloud
OpenText product name changes coming to the community soon! Learn more.
After Installation and configurations of Client Login Extension- CLE, Clicking the ForgottenPassword link on the Credential provider would simply throw error and does not launch SSPR setup page.
This is because CLE requires a valid Certificate to be installed on the client box and only then SSPR page would be rendered appropriately.
Creating a Valid Certificate from getacert.com
Steps:
1. Navigate to https://getacert.com/selfsignedcert.html
2. Provide the details of below
host-name , organization, dept, email, city, state,country and Expiry (10 years)
3.Review and Submit Self signed request
4.Download all the 4 certs
a)Private key :
b)Certificate request (.csr):
c)Public key(.cer) :
d)Entire certificate (pkcs12) :
Note: Your certificate password is the word 'password' (without any quote marks)
5.Launch the SSPR URL from another Browser -->Login as Administrator-->Configuration Editor -->In the search field type "https private key and certificate"
ex: https://xx.xx.xx.xx:8443/sspr
6.Use the pkcs12 certificate which was generated with private key as "password" and upload the same certificate.
8.Navigate to client machine where CLE is installed, Login to the machine as administrator and open browser IE11 and launch the example SSPR page https://xx.xx.xx.xx:8443/sspr . Download SSPR certificate by selecting view (Certificate1) and Copy to file and Export it to Desktop
9.Download the root certificate of getacert issuer
->Make sure you have your Certificate Signing Request (CSR) file ready
->Go to getacert.com.
->Click the "Submit certificate signing request (CSR)" link in the menu.
->Open your .csr file in a text editor.
->Copy and paste the CSR content into getacert.com form.
->Click "SubmitCSR" button.
->Download the root certificate getacert.cer (Certificate 2)
10. Now on the client machine where CLE is Installed:
Launch mmc-->Add remove snapin-->Certificates-->Trusted Root Certificate Authorities ( Computer Account-->Import both Certificate 1 and Certificate 2
11.Restart Self Service Password reset service and also restart the client machine where CLE is installed and configured with above certificate entitlements.
Observed:
CLE now works seamless and launches SSPR page appropriately for password reset functionality.
Note:The certificate signed by getacert.com is a valid public key certificate. You can use it for testing purpose as long as you keep it together with getacert.com certificate, because getacert.com is not a trusted root CA.