Symptom |
Probable Cause |
Corrective Action |
Self signed certificate is distributed on port TCP 36008 instead of port TCP 443
|
MBG does not automatically pick up certificate changes. You must restart the server after uploading a new web certificate. Otherwise, it distributes the self-signed certificate on port TCP 36008. |
Restart the MBG/MiCollab server after installing a new web server certificate. |
You installed the root certificate, but MiCollab for Mobile Clients are still unable to connect. |
Intermediate certificate missing from certificate chain. You need to install the correct intermediate certificate bundles. |
See Testing Server Certificates for additional information. Contact your Certificate Authority supplier for assistance with installing the intermediate certificates. |
The certificates available on a given MSL system are determined by the content of the ca-certificates rpm. On MSL 10.4 the current version is ca-certificates-2015.2.4-65.0.1.el6_6.noarch. That rpm contains file /etc/ssl/certs/ca-bundle.crt which contains the CA certificates of the primary Certificate Authorities. You can look at them using the following openssl commands:
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.crt
Below is an openssl command that can be used to show the certs being used by a particular server connection:
openssl s_client -showcerts -connect 10.35.29.49:443