Cacerts file are trusted java keystore where the SSL certificates used by CAST Highlight are kept.
Details
HTTPS use SSL certificates for secure communication. When you are uploading results to CAST Highlight, initially SSL certificates are sent to the client (i.e your machine) from Highlight. Client tries to verify if certificate is trusted by looking into cacerts file ( trusted java keystore). If certificate is not trusted, then client does not allow to interact with Highlight.
If you are in a different network, there is a chance that Highlight certificates are not present in the cacerts file. Once we add this certificate to cacerts file, it becomes trusted and secure communication takes place.
Run the below commands to upload the certificates into trusted keystore cacerts.
keytool -import -trustcacerts -file "C:\Users\Downloads\certs\certs\CASTHighlightRPA.cer" -keystore "C:\Users\Downloads\cacerts" -alias Highlight
keytool -import -trustcacerts -file "C:\Users\Downloads\certs\certs\step1.cer" -keystore "C:\Users\Downloads\cacerts" -alias Highlight_root
keytool -import -trustcacerts -file "C:\Users\Downloads\certs\certs\step2.cer" -keystore "C:\Users\Downloads\cacerts" -alias Highlight_intermediate
One needs admin access, to run this commands or replace cacerts file with updated certs.
To inspect (list) certificates in your cacert keystore
keytool -list -v -keystore /path/to/cacertsNB:keytool has to be in your path, or can be found in the bin directory of your Java installation (e.g. C:/Program Files (x86)/Java/jre1.8/bin/keytool.exe).
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation
Ticket
43479, 41640
Comments