May 8, 2017 at 9:37 am #17274
In our production environment, the domain certificate was about to expire, so I renewed it and imported the new certificate on the CTS server. I imported it into the keystore and admin-keystore on two CTS servers. Replication was enabled between the two servers prior to the certificate renewal.
But when I check the replication status, it says “Unable to connect to the server XXX on port XXX. Check this port is an administration port”.
I tried to initialize the replication, but the error below occurs:
Error reading data from server xxxx:4444. There is
an error with the certificate presented by the server.
Details: simple bind failed: xxx:4444
Could you please let me know if I need to import the certificate into any other keystore? This is urgent, as this is happening in production.
Priya C
May 8, 2017 at 10:40 am #17275
Chris Ridd
Participant
If this is an urgent issue and you have a support subscription, then you should raise a ticket with ForgeRock support.
May 8, 2017 at 11:00 am #17276
I don’t think we have a support subscription, as this is a new client.
Help me out if you have any idea. Do I need to import the certs into the truststore and admin-truststore as well?
Priya C
May 8, 2017 at 12:16 pm #17278
I resolved the issue. The root cause was that the alias name was incorrect in admin-keystore.
I imported with the alias name “server-cert” but it should be “admin-cert”. Once I changed the alias name and restarted the CTS service, replication started working.
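The root cause reported in this thread, a renewed key pair stored in admin-keystore under an alias other than the expected “admin-cert”, can be checked from a keystore listing before restarting the service. The following is an added example, not part of the original posts: a shell function (hypothetical name `check_alias`) that reads `keytool -list` output and reports whether the expected alias is present as a private-key entry. It also covers a case beyond the thread, where the alias exists but holds only a certificate; the sample listings are constructed and the `config/admin-keystore` path is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Sample listings below are constructed.

# check_alias ALIAS: reads `keytool -list` output on stdin.
#   returns 0 = ALIAS present as a PrivateKeyEntry
#           1 = ALIAS not present in the keystore
#           2 = ALIAS present, but not a private-key entry
check_alias() {
    awk -v want="$1" '
        # Entry lines: "<alias>, <date>, <EntryType>," (date may contain commas)
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),? *$/ {
            alias = $0; sub(/,.*/, "", alias)
            kind = $0;  sub(/,? *$/, "", kind); sub(/.*, */, "", kind)
            if (alias == want) { found = 1; type = kind }
        }
        END {
            if (!found) exit 1
            if (type != "PrivateKeyEntry") exit 2
            exit 0
        }'
}

# Constructed listing: key pair imported under the wrong alias.
listing_wrong_alias() {
    printf '%s\n' 'Keystore type: JKS' 'Keystore provider: SUN' '' \
        'Your keystore contains 1 entry' '' \
        'server-cert, May 8, 2017, PrivateKeyEntry, '
}
# Constructed listing: key pair under the alias the thread reports as required.
listing_fixed() {
    printf '%s\n' 'Your keystore contains 1 entry' '' \
        'admin-cert, May 8, 2017, PrivateKeyEntry, '
}
# Constructed listing: right alias, but only a certificate (no private key).
listing_cert_only() {
    printf '%s\n' 'Your keystore contains 1 entry' '' \
        'admin-cert, May 8, 2017, trustedCertEntry, '
}

for sample in listing_wrong_alias listing_fixed listing_cert_only; do
    rc=0
    "$sample" | check_alias admin-cert || rc=$?
    echo "$sample: check_alias admin-cert -> $rc"
done

# Against a real store (path is an assumption; adjust to your instance):
#   keytool -list -keystore config/admin-keystore | check_alias admin-cert
```

Run the check on every server in the replication topology, since the certificate was imported on each one separately.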