GRE and GRAT applications are unable to understand thumbprint certificates from the Windows Microsoft Certificate Store while connecting to Configuration Server or Message Server. Consequently they cannot establish a TLS connection to either Configuration Server or Message Server, and a security error is generated, such as this:
15:14:31.445 Alarm 21363 [ServerConnectionMonitor][Thread-2]: connect(): caught exception while opening connection to server '<GRAT/GREServerVersion>'. Nested exception: Could not configure TLS.
Create certificates in .PEM format and private-keys in PKCS#8 format—see the example below.
Paths to the physical certificates can be configured either on the Application or the Connection level, but not on the Host level (despite this being a general Genesys recommendation). For Host level certificates, if GRAT and GRE are located on the same host as Configuration Server or Message Server or other C++ applications, the secured connection will not be established because C++ based applications do not accept PKCS#8 format.
You can convert private-key from PEM to PKCS#8 format using the following OpenSSL command:
openssl pkcs8 -topk8 –nocrypt -in tradfile.pem -out p8file.pem