Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎05-07-2021 06:35 AM Edited on ‎06-02-2022 08:56 AM By Anonymous

Article Id 190711

Technical Tip: Installing user certificate causes error in UI

Description

Status 500 error is displayed when navigating to the Certificate Management view in the Administration UI.  This can occur if the newly installed certificate was created as a User certificate instead of a Server certificate.
  


/bsc/logs/tomcat-admin/catalina.out exception:

Jan 29 10:54:44 fortinac tomcat-admin: Jan 29, 2021 10:54:44 AM com.bsc.servlet.HeartbeatServletContextListener$Heartbeat run
Jan 29 10:54:44 fortinac tomcat-admin: INFO: TomcatAdmin Max Memory (KBytes) 970,752 Free Memory (KBytes) 653,193 Threads: 55 Up Time: 0 Days 0 Hours 3 Minutes 0 Seconds Fri Jan 29 10:54:44 PST 2021
Jan 29 10:54:46 fortinac tomcat-admin: java.lang.ClassCastException: [B cannot be cast to java.lang.String
Jan 29 10:54:46 fortinac tomcat-admin: at com.bsc.api.certmgmt.CertificateAttrs.<init>(CertificateAttrs.java:225)
Jan 29 10:54:46 fortinac tomcat-admin: at com.bsc.api.certmgmt.KeystoreCertificateOwner.getCertificateAttrs(KeystoreCertificateOwner.java:271)
Jan 29 10:54:46 fortinac tomcat-admin: at com.bsc.plugin.adminguicert._AdminGUICertOwner_Tie._invoke(Unknown Source)
<...>


Scope
Version: 8.8.2

Solution
Workaround:  Contact Support for a workaround to clear the condition. 

 
Solution:  Addressed in versions 8.8.3 and 9.1.0.

 

WorkaroundRemove the target to which the user certificate was uploaded from the keystore. 
 

1.  List the alias names for the certificate targets in the keystore
keytool -list -v -keystore /bsc/campusMgr/.keystore -storepass ^8Bradford%23 | grep -i alias

Example:
> keytool -list -v -keystore /bsc/campusMgr/.keystore -storepass ^8Bradford%23 | grep -i alias
Alias name: agent << Persistent Agent
Alias name: portal  << Portal
Alias name: radius  << Local RADIUS Server
Alias name: radius_trust_0  << RADIUS Endpoint Trust
Alias name: tomcat  << Admin UI


2.  Delete the target to which the user certificate was installed from the keystore
keytool -delete -alias <target alias> -keystore /bsc/campusMgr/.keystore -storepass ^8Bradford%23

Example:  User certificate was installed to the Portal target
keytool -delete -alias portal -keystore .keystore -storepass ^8Bradford%23

The Certificate Management view should now be accessible in the UI.

 
 

3.  Recreate the deleted target in the Certificate Management list.  Click on another target then click Copy Certificate.

 
4.  Select the deleted target in the drill-down menu next to the To: field.
 
Example:
From: Admin UI
To: Portal
 

5.  Click OK.
 
6.  If the certificate copied is not the appropriate one for the newly added target, upload the corrected Server certificate files.



Labels:
266
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.