KB Article #68137
Copilot crashing while opening any item like msg log, activity monitor
-- Copilot crashing while opening any item like msg log, activity monitor
-- Procedure of implementing SSL for accessing Integrator Server via Copilot
-- Copilot Connection to Sysman crashes after sometime without any error or warning
Resolution
-- If you are accessing remote Integrator server and facing issue like copilot disconnect with no known possible cause, it is better to try SSL connection.
Procedure of implementing SSL for accessing Integrator Server via Copilot:
1. Download and install tssetup.tgz/copilotsetup.tgz version 1.7.27 or later (for the Windows platform, and if you are not connecting remotely, you can skip this step)
2. On the XIB server and from the XIB user, run the following platform-independent commands (they are using the openssl tool distributed with XIB):
echo [req] > ssltemp.cnf
echo distinguished_name=req_distinguished_name >> ssltemp.cnf
echo [req_distinguished_name] >> ssltemp.cnf
echo ; umask 077
openssl req -x509 -subj /CN=XIBServer -keyout my_cert.pem -nodes -newkey rsa:1528 -new -out my_cert.pem -config ssltemp.cnf -ripemd160 -days 3650
echo # && echo y| cacls my_cert.pem /P %USERNAME%:F
3. Move the my_cert.pem file as $CORE_LOCAL/config/sysman/mandatory_ssl.pem or $CORE_LOCAL/config/sysman/optional_ssl.pem; you may delete the ssltemp.cnf file.
4. Remember that a copy command may change the file's permissions, move it instead or fix the security permissions. These files are ignored and an error message is printed if read or write permission is given to anyone except the XIB user.
5. If you have set up the mandatory_ssl.pem file, the connection is refused on on SSL handshake failure or if the client does not support SSL; with optional_ssl.pem handshake failure is ignored and old clients may still be used.
6. If you want to print the fingerprint of a certificate (same as the one displayed by the Axway GUI client) use this platform-independent command:
openssl x509 -in my_cert.pem -fingerprint -ripemd160 -noout
7. If you want to be absolutely sure that your client is prevented from setting up an non-SSL connection, start tsclient with the -x flag