If cannot access Banner via login.pasadena.edu or logintest.pasadena.edu, the issue could be caused by expired Active Directory SSL certificate on EEI server.
How to Verify Certificate Issue:
- Log in as Linux user “eeiadmin” into EEI server (for example, eeitest1.pcc.local)
- Run command "tailcarbon", then try logging into Banner. "tailcarbon" will show certificate error messages.
How to Fix Certificate Issue:
- Log into Active Directory server (for example, pcctestdc.pcctest.local).
- Go to Certificate Console >> Console Root >> Certificates (Local Computer) >> Personal >> Certificates.
- Right click latest certificate >> All tasks >> Export >> Next >> Do not export private key >> Export as "Base-64 encoded X.509" >> enter file name >> then export
- Copy exported certificate to EEI server (for example, eeitest1.pcc.local)
- Go to EEI server (for example, eeitest1.pcc.local)
- Copy exported certificate to /home/eeiadmin/ssl-certificates/
- Name certificate as, for example, "/home/eeiadmin/ssl-certificates/pcctestdc.pcctest.local.20201009.crt"
- Alternatively, certificate can be retrieved by running the following command from EEI server: "openssl s_client -connect admin3.pcc.local:636". This will display the certificate on the screen, and the text can be copied and pasted to a file for import to the keystore. (Note: the server used in the -connect parameter must be the same one EEI is configured to use).
- Import certificate on EEI server (for example, eeitest1.pcc.local)
- cd /home/eeiadmin/ssl-certificates/
- Import new certificate by running, for example, "keytool -import -alias pcctestdc-2020-cert -keystore /u01/app/wso2is-5.7.0/repository/resources/security/client-truststore.jks -file /home/eeiadmin/ssl-certificates/pcctestdc.pcctest.local.20201009.crt"
- Type "yes" to import key
- Note: keystore password is located in PCC system admin keepass file and also in "PasadenaCC Banner8 Banner9.kdbx" keypass file under key "EIS/EEI Keystore Password".
- After successful import, run following Linux commands:
- eei (to verify EEI running)
- eeistop (to stop EEI)
- eei (to verify EEI stopped)
- eeistart (to start EEI)
- tailcarbon (to verify successful startup)
- Proceed to verify users can now log into Banner via login.pasadena.edu or logintest.pasadena.edu.