[Resolved] CMEM-183467: When setting up V2 SEG in the AirWatch Console, full SSL certificate chain is not configured correctly

Version Identified

AirWatch 9.0.3

Identifier

CMEM-183467

Symptoms

While configuring V2 SEG in the AirWatch Console, you upload an SSL certificate that is used to secure connections to the SEG server. Once the V2 SEG server is fully configured, only the end-entity certificate has been installed on the server; any intermediate and root certificates have not been installed. In some cases, this can cause SSL/TLS trust issues when devices attempt to connect to the server.

Workaround

After installation completes, the AirWatch Secure Email Gateway Service will be running, but it will not have properly loaded the SSL certificate from the console. To resolve this, take the following steps:

  1. Copy the desired SSL certificate into the directory SecureEmailGateway/config/ssl-certs
  2. In the /config folder, open config.json in Notepad
  3. Edit the segHttpServerConfig section as follows:
    1. Set httpsKeyStorePath to the relative location of the SSL certificate

      "httpsKeyStorePath" : "/config/ssl-certs/my_ssl_cert.pfx"
    2. Set httpsKeyStore to null

      "httpsKeyStore" : null
    3. Set httpsKeyStorePasscode to the password for the certificate private key, with .plaintext appended. This will encrypt the password after saving and closing config.json

      "httpsKeyStorePasscode" : "MyCertPassword123.plaintext"

 

Before saving and closing, the section should look like this:

"segHttpServerConfig" : {   
     "segHttpServerPort" : 443,   
     "segServerIsSsl" : true,   
     "httpsKeyStorePath" : "/config/ssl-certs/my_ssl_cert.pfx",   
     "httpsKeyStore" : null, 
     "httpsKeyStorePasscode" : "MyCertPassword123.plaintext" 
}

 

After restarting the SEG service, the passcode will be in an encrypted format and this section will look like this:

"segHttpServerConfig" : {
     "segHttpServerPort" : 443,
     "segServerIsSsl" : true,
     "httpsKeyStorePath" : "/config/ssl-certs/my_ssl_cert.pfx",
     "httpsKeyStore" : "AAIAERmnl52/YKmHMBQGxo6XdpYfznJCPBUJ4CF1nG2AZAcx8yemPGD9f...",
     "httpsKeyStorePasscode" : "AAJKlMjFjz+yrrNOB5Qx+vKItRoEOSbw3uX8zHAcw5..."
}
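
A check worth running on the PFX before step 1, so the workaround does not reproduce the original symptom. This is an added example, not part of the AirWatch article or product; the function name Test-PfxChain is hypothetical, and it assumes the SEG is meant to serve the intermediates from the PFX referenced by httpsKeyStorePath.

```powershell
# Added example: report whether a PFX carries its issuing certificates.
# Test-PfxChain is a hypothetical helper name, not an AirWatch command.
function Test-PfxChain {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $Password
    )

    # Get-PfxData (PKI module) splits the file into end-entity and other certificates
    # without importing anything into a certificate store.
    $pfx  = Get-PfxData -FilePath $PfxPath -Password $Password -ErrorAction Stop
    $leaf = $pfx.EndEntityCertificates | Select-Object -First 1
    if (-not $leaf) { throw "No end-entity certificate found in $PfxPath" }

    $others   = @($pfx.OtherCertificates | Where-Object { $_ })
    $path     = @($leaf)
    $current  = $leaf
    $complete = $false

    # Follow Issuer -> Subject links using only certificates inside the file.
    # This is name matching, not signature validation; it answers "is the issuer
    # packaged in the PFX", which is what the symptom above is about.
    while ($path.Count -le 10) {                      # guard against issuer loops
        if ($current.Subject -eq $current.Issuer) { $complete = $true; break }
        $issuer = $others | Where-Object { $_.Subject -eq $current.Issuer } |
                  Select-Object -First 1
        if (-not $issuer) { break }
        $path   += $issuer
        $current = $issuer
    }

    $missing = $null
    if (-not $complete) { $missing = $current.Issuer }

    [pscustomobject]@{
        Leaf              = $leaf.Subject
        NotAfter          = $leaf.NotAfter
        CertificatesInPfx = 1 + $others.Count
        ChainInPfx        = @($path | ForEach-Object { $_.Subject })
        ReachesRoot       = $complete
        MissingIssuer     = $missing      # first issuer not present in the file
    }
}

# Usage, with the file name from the article's example:
# Test-PfxChain -PfxPath .\config\ssl-certs\my_ssl_cert.pfx `
#     -Password (Read-Host 'PFX password' -AsSecureString)
```

A result with CertificatesInPfx equal to 1 means the file holds only the end-entity certificate, which is the state described under Symptoms.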

 

Fix Version

This has been resolved in AirWatch 9.1. 
