Installing Performance Monitoring Toolset and it w...
# adobep
Panman82
12/15/2023, 5:13 PMInstalling Performance Monitoring Toolset and it won't connect to the cfusion instance presumably due to the self-signed cert that I setup with the lockdown guide. How can PMT to trust that cert?
Panman82
12/15/2023, 5:13 PMPKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetPanman82
12/15/2023, 5:36 PMHumm... there is this so I could probably set it up to use the same keystore, but I cannot access PMT without first connecting a CF instance... https://helpx.adobe.com/coldfusion/performance-monitoring-toolset/secure-performance-monitoring-toolset-https.html
m
Mike Greider
12/15/2023, 6:28 PMYou could add your self signed cert to the keystore. I use portecle for a GIU into the key store and it's easy to add them in
p
Panman82
12/15/2023, 7:34 PMI got the cert out using the following command, but I don't know where to import it (don't do cert stuff much, especially with Java).
keytool -export -alias tomcat -keystore tomcat_.keystore_ -rfc -file tomcat_.cert_Panman82
12/15/2023, 7:36 PMSounds like I need to import it into a trust store, but how do I get PMT to use that?
m
Mike Greider
12/15/2023, 7:37 PMYou exported your self signed cert from tomcat's cacert ?
Mike Greider
12/15/2023, 7:37 PMI have never used PMT, but there should be a cacert for PMT if that is using a different jre. Just put it in that store and restart PMT
Mike Greider
12/15/2023, 7:38 PMI'll recommend porticle again if you haven't already downloaded it (it's free). If you want a gui, because you just browse to the cacert that you are interested in and import/export as needed
p
Panman82
12/15/2023, 7:46 PM> You exported your self signed cert from tomcat's cacert ?
Not from cacert, but from the generated keystore that the lockdown guide has you create.
Panman82
12/15/2023, 7:48 PMBut I'm going to see about getting an internal certificate to use instead (ActiveDirectory), then have CF use the windows cert store. Sound like a project for Monday though...
👍 1
s
Satyam Mishra
12/16/2023, 7:19 AM@Panman82
2 things to be done..
• Import the cert in keystore of PMT...this keystore is present in PMT/jre (standard location)... Restart jvm .."keystore-explore" is a great tool to do all this..
• When you add Cf server in PMT..you have a checkbox-"https".. just enable that
p
Panman82
12/18/2023, 3:58 PM@Satyam Mishra I'm not finding a keystore in the PMT jre nor jdk (changed to the updated version according to the lockdown guide).
Panman82
12/18/2023, 4:58 PMOkay, this seems relevant: https://helpx.adobe.com/coldfusion/kb/import-certificates-certificate-stores-coldfusion.html
s
Satyam Mishra
12/19/2023, 9:58 AM@Panman82
{pmt_homr}/jre/lib/security/cacerts
Here you can import the trusted cert.
2 Views