⚠️ OPSWAT Central Management v7 and My OPSWAT On-Premises (My OPSWAT Central Management v8) will reach End of Sale on July 31, 2025, and End of Life on January 31, 2027. We encourage you to upgrade to My OPSWAT Central Management v10 before January 31, 2027, to ensure continued support and access to the latest features.

Unable to connect to OPSWAT Product instances that have enabled HTTPS mode

| Term | Detail |
|---|---|
| Problem | OPSWAT Central Management cannot connect to OPSWAT Product instances that have enabled HTTPS mode. |
| Cause | The certificates for the domains that the OPSWAT Product instances belong to have not been added to OPSWAT Central Management's trust store. The product instance's server address does not match its SSL certificate. |
| Troubleshooting | Testing connection returns the error "The server's security certificate is not trusted." Testing connection returns the error "Could not reach the server." |
| Solution | Ensure that the domains are trusted hosts for OPSWAT Central Management. Ensure that the product instance's server address matches its SSL certificate. |

When adding a new OPSWAT Product instance that has enabled HTTPS mode, it is possible to encounter several common errors as shown below.

The server's security certificate is not trusted.

One possible cause is that the domain that the instance belongs to is not recognized as a trusted host, for example because its certificates are missing. Please follow the instructions at Adding certificates to Java keystore.

Another possible cause is that certificates that have already been added are invalid. In this case, please verify that the certificates are valid and add them again if necessary.

Could not reach the server.

The "Could not reach the server" error is a catch-all for miscellaneous connection errors. One such error is that the product instance's server address does not match its SSL certificate.

To troubleshoot this error, first locate the gears_product_service.log.

  • On Windows: <Install folder>\OPSWAT\Central\tomcat\logs\gears_product_service.log
  • On Linux: /opt/ocm/tomcat/logs/gears_product_service.log

As an example, we have the instance testCore with the server address https://testhost:8008. This instance uses the SSL certificate with the Common Name (CN) testcore. There should be logs of the failed connection attempt similar to the snippet below:

The root cause "HTTPS hostname wrong: should be <testhost> executing GET https://testhost:8008/version" is logged because the SSL certificate's CN testcore does not match the server address https://testhost:8008.

There are several solutions for this issue:

  • Change the server address to match the SSL certificate, assuming the new address is valid.

    • Using the example, you would change the server address to https://testcore:8008 to match the SSL certificate.
  • Generate a new SSL certificate matching the desired server address and add it to the product instance.

    • Using the example, you would generate a new certificate with the CN testhost to match the desired address https://testhost:8008.
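
The mismatch and both fixes can be reproduced offline before touching a real instance. The script below is an added example, not part of the OPSWAT documentation: it uses OpenSSL's `x509 -checkhost`, which checks subject alternative names when present and otherwise falls back to the CN. The function names and the throwaway self-signed certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not OPSWAT code): reproduce the testhost/testcore mismatch offline.
# Certificates are constructed, self-signed throwaways written to a temp directory.

# make_cert <common-name> <out.pem>: self-signed certificate whose CN is <common-name>
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "${2%.pem}.key" -out "$2" 2>/dev/null
}

# url_host <server-address>: host part of an address such as https://testhost:8008
url_host() {
  h="${1#*://}"            # drop the scheme
  h="${h%%/*}"             # drop any path
  printf '%s\n' "${h%%:*}" # drop the port
}

# cert_matches <cert.pem> <server-address>: succeeds only when the certificate
# is valid for the host named in the server address
cert_matches() {
  openssl x509 -in "$1" -noout -checkhost "$(url_host "$2")" | grep -q 'does match'
}

demo() {
  dir="$(mktemp -d)"
  make_cert testcore "$dir/testcore.pem"   # certificate from the page's example
  make_cert testhost "$dir/testhost.pem"   # reissued certificate (second fix)
  for pair in "testcore.pem https://testhost:8008" \
              "testcore.pem https://testcore:8008" \
              "testhost.pem https://testhost:8008"; do
    set -- $pair
    if cert_matches "$dir/$1" "$2"; then echo "$1 vs $2: match"
    else echo "$1 vs $2: HOSTNAME MISMATCH"; fi
  done
  rm -rf "$dir"
}

demo
```

To check a real instance, call `cert_matches` with the instance's certificate exported as a PEM file and the server address configured in OPSWAT Central Management.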