Problem:


If cannot access Banner via login.pasadena.edu or logintest.pasadena.edu, the issue could be caused by expired Active Directory SSL certificate on EEI server. 


How to Verify Certificate Issue:

 

  1. Log in as Linux user “eeiadmin” into EEI server (for example, eeitest1.pcc.local)  
  2. Run command "tailcarbon", then try logging into Banner.   "tailcarbon" will show certificate error messages. 

 

How to Fix Certificate Issue:

  1. Log into Active Directory server (for example, pcctestdc.pcctest.local).
  2. Go to Certificate Console >> Console Root >> Certificates (Local Computer) >> Personal >> Certificates.
  3. Right click latest certificate >> All tasks >> Export >> Next >> Do not export private key >> Export as "Base-64 encoded X.509" >> enter file name >> then export
  4. Copy exported certificate to EEI server (for example, eeitest1.pcc.local)  
    1. Go to EEI server (for example, eeitest1.pcc.local)  
    2. Copy exported certificate to /home/eeiadmin/ssl-certificates/
    3. Name certificate as, for example,  "/home/eeiadmin/ssl-certificates/pcctestdc.pcctest.local.20201009.crt"
    4. Alternatively, certificate can be retrieved by running the following command from EEI server: "openssl s_client -connect admin3.pcc.local:636".  This will display the certificate on the screen, and the text can be copied and pasted to a file for import to the keystore.  (Note: the server used in the -connect parameter must be the same one EEI is configured to use).  
  5. Import certificate on EEI server (for example, eeitest1.pcc.local)  
    1. cd /home/eeiadmin/ssl-certificates/
    2. Import new certificate by running, for example,  "keytool -import -alias pcctestdc-2020-cert -keystore /u01/app/wso2is-5.7.0/repository/resources/security/client-truststore.jks -file /home/eeiadmin/ssl-certificates/pcctestdc.pcctest.local.20201009.crt"
    3. Type "yes" to import key
    4. Note: keystore password is located in PCC system admin keepass file and also in "PasadenaCC Banner8 Banner9.kdbx" keypass file under key "EIS/EEI Keystore Password".
  6. After successful import,  run following Linux commands:
    1. eei            (to verify EEI running)
    2. eeistop     (to stop EEI)
    3. eei            (to verify EEI stopped)
    4. eeistart     (to start EEI)
    5. tailcarbon (to verify successful startup)
  7. Proceed to verify users can now log into Banner via login.pasadena.edu or logintest.pasadena.edu.