I edit my Instance in BPM Admin console, change Gateway URL to reflect HTTPS and insert the path on my BPM machine to the PEM file in the "SSL authority certificate file: " field (i.e. C:\cert.pem).
The error on this instance when I restart it is: Problems with the SSL CA certificate.
I can successfully navigate to https:\topaz from IE on the BPM machine.
The controller log:
7/05/2011 12:46:37 FLOW Register: Agent: 'Agent1' for site 'Site1' with url: HTTPS://vmgtd04ov.wcbbc.wcbmain.com/topaz.
17/05/2011 12:46:37 FLOW Register: Name: vmgtd02ov-RDCMS2, location: Richmond, BC, version: 8.05.
17/05/2011 12:46:37 FLOW Register: Ip: 10.2.204.161
17/05/2011 12:46:37 FLOW Register: GMT Bias: 480
17/05/2011 12:46:37 WARNING SiteResponse: an error when trying to communicate with site 'Site1': "Problems with the SSL CA certificate."
17/05/2011 12:46:37 ERROR Error occurred in 'scomm response callback': SiteResp: Agent "Agent1" failed to register to site Site1 from configuration file
As far as I remember, at a customer I had put all the certs for the trust path in the same file and only then it worked. Something like this.
-----BEGIN CERTIFICATE-----
Root ca cert here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
BAC server side cert
-----END CERTIFICATE-----
See this from the hardening guide: The file can consist of the server-side certificate itself, or the certificate of the CA that issued the server-side certificate, or all certificates required for the trust path (all certificates must be placed in the same PEM file).
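A structural check for the single-file bundle described in the reply above, as an added example that is not part of the original thread or the product's own tooling: it counts the CERTIFICATE blocks in a PEM file and flags blocks that are mislabelled, not valid base64, or not a complete DER structure. The function names and the sample data are constructed for illustration, and the check does not verify signatures or the trust path itself.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_length_ok(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose declared length fits exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def inspect_bundle(text: str) -> dict:
    """Report the certificate count and problems found in a PEM bundle."""
    problems, certs = [], 0
    blocks = PEM_BLOCK.findall(text)
    for label, body in blocks:
        if label != "CERTIFICATE":        # e.g. a private key or PKCS7 block
            problems.append(f"unexpected block type: {label}")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("block is not valid base64")
            continue
        if der_length_ok(der):
            certs += 1
        else:
            problems.append("block is not a complete DER SEQUENCE")
    if text.count("-----BEGIN ") != len(blocks):
        problems.append("BEGIN line without matching END line")
    return {"certificates": certs, "problems": problems}

def fake_pem(payload: bytes, label: str = "CERTIFICATE") -> str:
    """Constructed stand-in: a DER SEQUENCE wrapper, not a real certificate."""
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

# Constructed sample: root, intermediate and server blocks in one file.
SAMPLE = "".join(fake_pem(bytes([i]) * 300) for i in range(3))
print(inspect_bundle(SAMPLE))
```

To check a real file, pass its contents to `inspect_bundle`, for example `inspect_bundle(open(r"C:\cert.pem").read())`.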