Certificate: getting the certificate for SSL and TLS services
Environment
TOPdesk version: SaaS / on-premises
Requirements: -

Answer

There are two main ways to retrieve the correct certificate. Below in the notes, we've listed some errors you might run into.

1) Use a browser

The easiest way to acquire a public certificate for web services (HTTPS) is by extracting it with the help of a browser. See knowledge item KI 5840 'Retrieve mail server certificate using browser' for more information. Furthermore, if you have an overview of the available certificates on the server, try to find the one with a validity that starts on the day that the import or authentication stopped working.

2) Use the tool attached

If the above method is not possible or does not work, use the method below to recover certificates for HTTPS and SMTPS (regardless of TLS). The attached zip file (see at the top of this item) contains a batch file, a PowerShell file and a readme. You can execute the Start_GetCertificate.bat to execute the PowerShell script and retrieve the public certificate. No passwords are needed.

To obtain the certificate of a cloud service (like Office 365):

⒈ Extract all files in the zip to the same folder.
⒉ Run 'Start_GetCertificate.bat' or 'get_certificate2.0.ps1'.
⒊ Answer the questions prompted by the PowerShell script:
   ⒜ What is the server name? Enter the name or IP address that TOPdesk uses to connect to the server. Make sure to not include 'http://' or 'https://'. Examples: outlook.office365.com, my.topdesk.com. For LDAP, enter the name or IP address of the AD server.
   ⒝ What is the port? Enter the port you use to connect. For LDAP, this is usually 636. For mail import, usually 993.
⒋ After answering the question, you will receive some information on the certificate that has been generated. Furthermore, a file [servername].cer will be generated. Upload this file to TOPdesk via Settings > Functional settings > Certificates.
Note: If you see no 'Upload certificate' button on the Certificates settings page, then your TOPdesk has a version older than 11.10.12; see KI 14499 where you can upload the certificate in that case.

Notes

Warnings

If you receive an error in the PowerShell window, an error.txt will have been created containing the more detailed error message. The most likely cause of the error is that the computer from which you run the script is not allowed to connect to the remote host. If the error persists, you can contact support with the details of the server and the error.txt.

Errors when using incorrect certificate in TOPdesk

Note that using an incorrect certificate often leads to the following error message in the log files:

• sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This error can also appear in the execution logs of an action sequence. In that case, the SSL certificate of the environment that the action sequence connects to should be added at the following location:

• From version 11.10.12 and above you can now view and upload certificates via Functional Settings > Certificates
• For versions below 11.10.12 you can still upload certificates for Action management via Module Settings > Action Management

See KI 11337 for PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check
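
The retrieval described under 'Use the tool attached', as an added PowerShell example; it is not the attached get_certificate2.0.ps1 and not TOPdesk code. It fetches the certificate a server presents and prints the subject, issuer, validity dates and SHA-256 fingerprint, so these can be compared with what the server's administrator expects before the .cer file is uploaded. The parameter names, the report fields and the assumption of implicit TLS on the port (no STARTTLS) are choices made for this example.

```powershell
# Added example: NOT the attached get_certificate2.0.ps1.
# Assumes implicit TLS on the port (HTTPS 443, LDAPS 636, IMAPS 993); no STARTTLS.
param(
    [Parameter(Mandatory)][string]$Server,  # host name or IP, without 'https://'
    [Parameter(Mandatory)][int]$Port
)

$script:policyErrors = $null
# Accept whatever the server presents: the aim is to fetch the certificate,
# not to trust it. Windows' own verdict is recorded for the report below.
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($source, $certificate, $chain, $errors)
    $script:policyErrors = $errors
    $true
}

$tcp = [System.Net.Sockets.TcpClient]::new()
try {
    $tcp.Connect($Server, $Port)
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($Server)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}

# SHA-256 fingerprint over the DER bytes, to compare with the administrator's value.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$fingerprint = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ':'
$san = $cert.Extensions['2.5.29.17']   # subjectAltName extension, may be absent

$now = Get-Date
[pscustomobject]@{
    Subject        = $cert.Subject
    Issuer         = $cert.Issuer
    SelfIssued     = ($cert.Subject -eq $cert.Issuer)
    NotBefore      = $cert.NotBefore
    NotAfter       = $cert.NotAfter
    ValidNow       = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    SubjectAltName = if ($san) { $san.Format($false) } else { '(none)' }
    WindowsVerdict = $script:policyErrors   # None = chain and name accepted by this machine
    Sha256         = $fingerprint
} | Format-List

# Write the public certificate (DER) to the current folder, named after the server.
$outFile = Join-Path (Get-Location) "$Server.cer"
[System.IO.File]::WriteAllBytes($outFile, $cert.Export('Cert'))
"Saved $outFile"
```

The NotBefore value is the date to compare against the day the import or authentication stopped working, as described under 'Use a browser'.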