Product: TIBCO Spotfire®
Error when configuring HTTPS for Spotfire Statistics Services using self-signed certificate
In order to implement SSL, a web server must have an associated Certificate. Java provides a relatively simple command-line tool, called keytool, which can easily create a "self-signed" Certificate. Self-signed Certificates are simply user generated Certificates which have not been signed by a well-known CA.
To set up SSL it is necessary to configuring keystore file with a Certificate that can be used by your server, make relevant changes to server.xml, located in SPSERVER_HOME/tomcat/conf and modify the properties in the spserver.properties configuration file at SPSERVER_HOME/conf/.
In Spotfire Analyst & Desktop when data function is executed on the SSL configure TSSS for the first time a pop up window appears. This window gives warning about the self-signed certificate and there is an option to proceed. See screenshot for reference:
When the same data function is executed in Web Player there is no pop up screen and error is encountered. From Web Player log:
ERROR;2019-02-21T13:07:58,813+01:00;2019-02-21 12:07:58,813;8d72ee22-361d-43e5-b6b5-60c1d3757e4e;211304db579rso;WorkThread 63;email@example.com;Spotfire.Dxp.Framework.ApplicationModel.NotificationService;"Could not execute function call. The request was aborted: Could not create SSL/TLS secure channel (SecureFailure). Contact the administrator to make sure that the SSL certificate has been installed.
The error message we see in Web Player logs: "Contact the administrator to make sure that the SSL certificate has been installed" gives us the clue to the cause of the issue but not the exact location where the certificate need to be installed. If you open HTTPS configured TSSS server URL in Internet Explorer and proceed towards the page in the address bar you can see part concerning the certificate, press it and there more information is found regarding the certificate, in particular: "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store". See screenshot for reference:
To fix this issue on the Node Manager installation machine open the certificate > click install certificate > local machine > Place all certificates in the following store > browse to Trusted Root Certification Authorities > Click Next and Finish. After following this steps the error message from Web Player log is gone and data function can be executed on TSSS server from the Web Player. SSL configuration
SSL/TLS Configuration HOW-TO