Unable to Register ALM Client that uses ALM 15 Server

Question ID: 109780
0
0

We need to run “Register ALM client” on one of our servers that is running Jenkins and will integrate with ALM.

This server is a bit isolated and our IT department specifically does NOT run Windows Update on it for various reasons, so it is not getting the standard updates that might include these updated certs.

We CAN complete “register ALM Client” on our “normal” end-user PC’s, but on this SERVER, it fails and we get an “Unknown Publisher” error preventing the client from being registered. This is due to the expiration of the Sectigo AddTrust root certificate in May 2020.

Since it works on our workstations with Windows 7 and 10 I am assuming that it would work if we added all the certificates applied there, but they are reluctant to do that.

Marked as spam
Posted by (Questions: 185, Answers: 13)
Asked on August 4, 2020 10:47 am
10 views
Answers (1)
0
Private answer

You are on the right track!

Usually Windows Update should get the updates related to this cert, but examining a different working PC and copying certs is your fallback.

I have notified MicroFocus about this discrepancy related to the very OLD documentation relating to the certs and maybe they will update it soon.

So, the EASIEST solution is to allow Windows Update to occur on that PC/Server, and in lieu of that, you are left with comparing the working and not-working PC and migrating and cross/linking various certs yourself -- sorry it is not any easier.

Here are the MF references for handling this:

For reference see this very old 11.52 Patch 8 document: https://softwaresupport.softwaregrp.com/doc/KM02192516?fileName=SHA2_COMODO_KB_certificate_updated.pdf -- this PDF goes over getting the (now outdated) certs and manually putting them into the Windows Cert Import Wizard (root, then intermediate 1, then intermediate 2), BUT the cert hierarchy at Comodo has since changed.

Also, you could follow this KM https://softwaresupport.softwaregrp.com/doc/KM03573386 That shows how to manually update root certificates:

KM03573386 content here:

How to manually update root certificates on windows for machines which do not have internet access

It may be necessary to manually update root certificates on a Windows machine where the ALM Client certificates still won't allow the client installation

On a machine with internet access...

 

  1. Open a cmd prompt as admin
  2. Navigate to a folder somewhere, i.e C:Temp
  3. Type: CertUtil –generateSSTFromWU Rootstore.sst
  4. Current root certificates updates will download and write to the file "Rootstore.sst"
  5. Copy the .sst file from the path in Step 2 to the machine(s) which does not have internet access

On the machine without internet access...

 

  1. Click Start>Run. Alternatively click windows keyboard button + R
  2. Type: certmgr.msc - this opens the certificate manager
  3. Right click on the item "Trusted Root Certification Authorities
  4. Select All Tasks>Import
  5. Click Next
  6. Click "Browse", change the file type in the lower right selection drop-down to "All Files"
  7. Navigate to the location .sst file obtained from the previous set of steps and select the file
  8. Click Next
  9. Specify the radio item "Place all certificates in the following store. "Trusted Root Certification Authorities" should be specified
  10. Click Next, Click Finish - Note: It is necessary to click "Yes" very many times, each for every certificate which resides in the .sst file.
  11. Repeat steps 1-10 except specify the "Trusted Publishers" container for Steps 3 and 9

 

Marked as spam
Posted by (Questions: 3, Answers: 466)
Answered on August 4, 2020 12:05 pm