cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
181
Views
1
Helpful
2
Replies

CONFIG WEBBRIDGE3

hamed1986
Level 1
Level 1

HELLO GUYS,

I want to implement webbridge3 on cms3.8.1 but gave me this error:

cms> pki list
User supplied certificates and keys:
webadmin.key
webadmin.crt
webbridge.key
webbridge.csr
certnew.cer
CARoot.cer

 

cms> pki match webbridge.key certnew.cer
Matching certificate and private key
cms> pki verify certnew.cer CARoot.cer
Success


cms> webbridge3 https listen a:443
cms> webbridge3 https certs webbridge.key CARoot.cer
cms> webbridge3 http-redirect enable
cms> webbridge3 c2w listen a:9999
cms> webbridge3 c2w certs webbridge.key CARoot.cer
cms> webbridge3 c2w trust CARoot.cer
cms> webbridge3 enable


FAILURE: HTTPS Key and certificate problem: certificate and key do not match
FAILURE: Webbridge3 configuration not complete


cms> webbridge3 https certs webbridge.key certnew.cer
cms> webbridge3 enable


SUCCESS: HTTPS Key and certificate pair match
FAILURE: HTTPS certificate verification error: depth=0
Verification error: unable to get local issuer certificate
Failed cert:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:00:00:00:13:17:8d:43:c8:d7:8f:50:25:00:00:00:00:00:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: DC=com, DC=dam-collab, CN=dam-collab-LDAP-SERVER-CA
Validity
Not Before: May 14 09:52:22 2024 GMT
Not After : May 14 09:52:22 2026 GMT
Subject: CN=cms.dam-collab.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:db:a4:4f:e7:57:bf:d1:ee:fe:28:66:16:9e:
68:00:54:d3:31:5c:4b:43:d5:3a:cd:f2:f0:95:d0:
b7:88:12:e0:46:78:56:1d:91:71:7d:7e:7d:37:16:
f6:f6:93:d9:96:79:11:d0:7d:9b:50:53:e4:c7:ed:
ec:dc:68:b0:d0:80:35:b9:2e:a0:e0:df:27:8b:df:
88:cc:c9:b2:dd:64:43:3d:c1:
FAILURE: Webbridge3 configuration not complete

2 Replies 2

b.winter
VIP
VIP

The certificate you use under "webbridge3 https certs <private-key.key> <cert.cer>" needs to include the whole cert-chain. The server-certificate and all the roots (intermediate and root CA). And not only the server cert.
The same also for "webbridge3 c2w certs <private-key.key> <cert.cer>"

Hello b.winter

I want to appreciate for your favour. I could not enable webbridge3 due to the fact that I did not make chain.cer but after I understood about my problem, everything started to work.