You want to configure the central log reporting or settings replication with two (2) IWSVA servers, one as log source and one as log server. However, if the log server's web UI uses SSL mode, you should import the opposite IWSVA certification file to each other and then register them using an HTTPS connection.
When trying to connect to the configuration replication source from the configuration receiver, you get the following error:
You are not connected to the replication source. Make sure the source's web console is accessable.
The issue occurs because one IWSVA server does not trust the certificate of the other when using the HTTPS interface. To resolve the issue, build a trust relationship between the two:
- On the primary IWSVA (configuration replication source) shell execute:
/usr/iwss/AdminUI/jre/bin/keytool -export -alias tomcat -file iwsvaweb.crt -keystore /etc/iscan/AdminUI/tomcat/keystore
- The default keystore password is "adminIWSS85". If that does not work, check the keystorePass for port 8443 in /var/iwss/tomcat/conf/server.xml
-
If you get the error message "keytool error: java.lang.Exception: Alias does not exist", check the name of the alias with the following command:
/usr/iwss/AdminUI/jre/bin/keytool -v -list -keystore /etc/iscan/AdminUI/tomcat/keystore
- If the certificate format is PKCS #12 (.p12 or .pfx), add "-storetype pkcs12" to the commands above.
- On both the configuration replication source AND receiver shell, execute:
/usr/iwss/AdminUI/jre/bin/keytool -importcert -noprompt -keystore /usr/iwss/AdminUI/jre/lib/security/cacerts -storepass changeit -alias tomcat -file iwsvaweb.crt/etc/iscan/S99IScanHttpd restart
- Try to connect to both IWSVA servers again through the AdminUI.
If the issue persists, contact Trend Micro Technical Support.
