Working with HTTPS mostly entails more overhead to sort out certificates and extra attention to add them to a trusted store, Lumira is no exception. Before being able to connect to a Lumira Server that is properly configured to receive HTTPS connections, you need to configure your Lumira Desktop to trust the signed certificate used by Lumira Server. This Blog will show you how to add and trust Lumira Server certificate to your Lumira Desktop.
When you try to publish to Lumira Server over HTTPS without having your Lumira Desktop properly configured, you must get an error message similar to the one shown here:
If this is the error message that you are getting, then this blog is going to solve your problem. The following steps will highlight what needs to be done to resolve this issue.
Obtaining Lumira Server Certificate
The main issue here is that Lumira Desktop breaks the HTTPS connection simply because it does not trust the certificate of the Lumira Server. Thus, we need to obtain the certificate in this step and then add it as a trusted certificate to Lumira Destkop store in the next step.
There are many ways to download an SSL certificate. I prefer using Firefox for that. Here are the steps to doing that:
- In Firefox, browse to the Lumira launchpad URL, and make sure that you enter the HTTPS URL. Once the page loads, click on the security lock, then from the pop-up window click on “More Informaiton”
- In the next window, make sure you are in the “Security” tab and click “View Certificate”
- The next window showing detailed information about the certificate appears. Make sure you are on the “Details” tab, and click on the “Export…” button
- Choose a name and folder to place the exported certificate. Use the PEM format
Adding Certificate to Lumira Desktop Store
Now that we have obtained the certificate of Lumira Server and saved it locally on disk, we need to tell Lumira Desktop that this is a trusted certificate (even though it might be a self-signed certificate). Lumira Desktop maintains this information in a Java secure store in the following file:
C:\Program Files\SAP Lumira\Desktop\jre\lib\security\cacerts
To add entries to this file, you need a command-line tool called keytool. It is included in Java Runtime Environment (JRE) inside the “bin” folder. You must have an installed JRE on your system in order to use the command-line tool. According to the version of JRE you have on your system, the path to keytool should look like this:
Now, you need to open the Command Prompt and follow these steps:
- Change directory (cd) to the “bin” directory where keytool is located
- Run the following command:
C:\Program Files (x86)\Java\jre1.8.0_25\bin>keytool -keystore “C:\Program Files\SAP Lumira\Desktop\jre\lib\security\cacerts” -storepass changeit -import -trustcacerts -v -alias SERVER_ALIAS_NAME -file C:\temp\pemCert
Here are a few remarks about the command above:
“C:\Program Files\SAP Lumira\Desktop\jre\lib\security\cacerts” :This is the path to Lumira Desktop secure store (it is the same for all users)
-storepass changeit : This is the password of the secure store. It is the default password, it should be the same for all users unless it has been changed by an administrator.
SERVER_ALIAS_NAME : This is the alias name or host name of the Lumira Server. Please do not use the IP address. The certificate is bound to a hostname or alias.
C:\temp\pemCert : This is the path to the certificate that you obtained in the first step.
Verify the settings in Lumira Desktop preferences
Under the “Network” section of Lumira Desktop preferences make sure that you have the correct URL typed for “SAP Lumira Server” where you use https protocol, not http, and use the hostname or alias of the Lumira Server, and not the IP address. It should be the same SERVER_ALIAS_NAME that you used when you added the certificate using the keytool command line . This is an example of a valid URL:
Finally, try to publish your storyboard to SAP Lumira Server, and enter your credentials, your connection should successfully be established.