-
Title
Warning When Starting a PSM Session: "The connection to this website is untrusted" -
Description
When starting a PSM session the following Java popup appears:
"Do you want to Continue?
The connection to this website is untrusted.
Note: The certificate is not valid and cannot be used to verify the identity of this website."
Clicking on "More Information" shows
ISSUE 1: "The Certificate Authority that issued this certificate is not trusted".
or
ISSUE 2: "The digital signature for this application was generated with a certificate from a trusted certificate authority, but we are unable to ensure that it was not revoked by that authority."
-
Cause
ISSUE 1
The trusted Certificate Authority certificate that signed the certificate imported into TPAM has not been imported into the Java certificate store. From 2.5.916, PSM uses Java Web Start rather than an applet. As such, Java no longer utilise the root certificates used on the machine/browser.
ISSUE 2
When Java (8u31 and above) runs, by default, it checks the certificates in use to ensure they haven’t been revoked by the Certificate Authority that issued them. The error means the certificate installed onto TPAM does not have OCSP (Online Certificate Status Protocol) or CRL (Certificate Revocation list) revocation points for Java to check.
-
Resolution
ISSUE 1
- From Control Panel | Java | Security Tab, click the "Manage Certificates" button.
- Select "Secure Site CA" from the drop down and import the Root Certificate Authority certificate and intermediate certificates.
ISSUE 2
Disable revocation checks in Java:
- From Control Panel | Java | Advanced Tab, Set "Perform TLS certificate revocation checks on" to "Do not check (not recommended")
or
- Reissue the certificate installed on TPAM, and include the required CRL/OCSP points.