Jump to: navigation, search

Security Certificates

GRE and GRAT applications are unable to understand thumbprint certificates from the Windows Microsoft Certificate Store while connecting to Configuration Server or Message Server. Consequently they cannot establish a TLS connection to either Configuration Server or Message Server, and a security error is generated, such as this:

15:14:31.445 Alarm 21363 [ServerConnectionMonitor][Thread-2]: connect(): caught exception while 
opening connection to server '<GRAT/GREServerVersion>'. Nested exception: Could not configure TLS.

Workaround

Create certificates in .PEM format and private-keys in PKCS#8 format—see the example below.

GRSSecurity1.png

Paths to the physical certificates can be configured either on the Application or the Connection level, but not on the Host level (despite this being a general Genesys recommendation). For Host level certificates, if GRAT and GRE are located on the same host as Configuration Server or Message Server or other C++ applications, the secured connection will not be established because C++ based applications do not accept PKCS#8 format.

You can convert private-key from PEM to PKCS#8 format using the following OpenSSL command:

openssl pkcs8 -topk8 –nocrypt -in tradfile.pem -out p8file.pem
This page was last modified on August 30, 2019, at 12:57.

Feedback

Comment on this article:

blog comments powered by Disqus