SSL / Secure Socket Layer

Requirements

Configuration Steps

Unix

  1. Add to $PROTOP/bin/localenv (copy bin/localenv.x to bin/localenv if not present) :

    export USESSL=y

    Ex:

    USESSL=Y UNIX

  2. Add to $PROTOP/etc/[custId].pf:

    -certstorepath [PROTOPDIR]/certs

    Ex:

    CERTPATH

  3. Restart ProTop


Windows

  1. Add to %PROTOP%\bin\localenv.bat (copy bin\localenv.batx to bin\localenv.bat if not present):

    set USESSL=y

    Ex:

    WIN USESSL=y

  2. Add to %PROTOP%\etc[custid].pf:

    -certstorepath [drive]:[PROTOPDIR]\certs

    Ex:

    WIN CERTSTOREPATH

  3. Restart ProTop


Troubleshooting


Set ProTop debug level to 5 using pt3agent.[resrc].dbg in Protop’s tmp directory and restart Protop

echo 5 > pt3agent.proddb.dbg

Check in ProTop’s log directory for pt3agent.[resrc].log file for error messages.

Common problem:

Can’t find issuer certificate:

2020/08/06 22:50:28.790-04:00 0 Secure Socket Layer (SSL) failure. error code -54:  unable to get local issuer certificate: for xxxxxxxx.0 in <path>/certs (9318)
2020/08/06 22:50:28.791-04:00 9407 Connection failure for host <dashboard> port 443 transport TCP. (9407)
2020/08/06 22:50:28.791-04:00 newSocket: Connection to HTTP server: <dashboard> port 443 is unavailable.

Solution:

  1. Ensure certificate file in [path]/certs exists and have the required permissions
  2. Make sure -certstorepath [path to certificate] is valid in [PROTOPDIR]/etc/[custid].pf
  3. If the portal uses more than one certificate, you need to have all the Portal’s certificates in ProTop’s certs directory