The issue occurs because one IWSVA server does not trust the certificate of the other when using the HTTPS interface. To resolve the issue, build a trust relationship between the two:
- On the primary IWSVA (configuration replication source) shell, execute:
/usr/iwss/AdminUI/jre/bin/keytool -export -alias tomcat -file iwsvaweb.crt -keystore /etc/iscan/AdminUI/tomcat/keystore
- The default keystore password is "adminIWSS85". If that does not work, check the keystorePass for port 8443 in /var/iwss/tomcat/conf/server.xml.
- If you get the error message "keytool error: java.lang.Exception: Alias does not exist", check the name of the alias with the following command:
/usr/iwss/AdminUI/jre/bin/keytool -v -list -keystore /etc/iscan/AdminUI/tomcat/keystore
- If the certificate format is PKCS #12 (.p12 or .pfx), add "-storetype pkcs12" to the commands above.
- On both the configuration replication source AND receiver shell, execute:
/usr/iwss/AdminUI/jre/bin/keytool -importcert -noprompt -keystore /usr/iwss/AdminUI/jre/lib/security/cacerts -storepass changeit -alias tomcat -file iwsvaweb.crt
/etc/iscan/S99IScanHttpd restart
- Try to connect to both IWSVA servers again through the AdminUI.
If the issue persists, contact Trend Micro Technical Support.
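
The import step above uses -noprompt, so keytool adds iwsvaweb.crt to cacerts without asking for confirmation. As an added example (not part of the original article), the shell functions below compare the SHA-256 fingerprint of the exported file with the copy about to be imported; the function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that the certificate file about to be imported is
# the same certificate that was exported on the replication source.

# Print the SHA-256 fingerprint of a certificate file as colon-separated
# uppercase hex. Accepts DER (keytool -export writes binary DER unless -rfc
# is given) or PEM (base64 between BEGIN/END CERTIFICATE lines).
cert_fingerprint() {
    [ -r "$1" ] || return 1
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        # PEM: keep only the first certificate block, drop the marker
        # lines, and decode the base64 body back to DER before hashing.
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
            sed '/-----END CERTIFICATE-----/q' |
            grep -v -- '-----' | tr -d '\r' | base64 -d | sha256sum
    else
        # DER: the fingerprint is the hash of the file contents.
        sha256sum < "$1"
    fi | awk '{ print toupper($1) }' | sed 's/../&:/g; s/:$//'
}

# Return 0 only if both files hold the same certificate.
# Return 1 on mismatch, 2 if either file cannot be read.
same_cert() {
    fp_a=$(cert_fingerprint "$1") || return 2
    fp_b=$(cert_fingerprint "$2") || return 2
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Usage (hypothetical paths): run before the -importcert step.
#   same_cert /root/exported/iwsvaweb.crt ./iwsvaweb.crt && echo "match"
```

A mismatch means the file was altered or replaced in transit and should not be imported into cacerts.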
