Skip to main content

Wave 5.0 Expired Root Certificate

  • Updated

Applies to Models: Wave

Table of Contents:

Removing Expired Windows Certificate

Removing Expired Linux Certificate

Installing New Windows Certificate

 

Summary:

It has been noted that the Wave 5.0 upgrade has experienced service interruptions due to a possible bad interaction with an expired root certificate in Windows.

Explanation of Behavior:

  • Wave Sync portal does not show the View tab or the Information tab when logged in through Wave Sync 
  • Log Example seen in Figure 1 will show the certificate issue
The cause of the issue is shown with the following logs:
2022-09-02 09:38:35.487 794 VERBOSE nx::network::ssl::ConnectingPipeline(0x1d1eb814530): Default certificate verification for server `us-east-1.mediator.vmsproxy.com` is failed: Verify certificate for host `us-east-1.mediator.vmsproxy.com` errors: { The issuer certificate of a locally looked up certificate could not be found }. Chain: { QSslCertificate("3", "03:1a:93:ad:00:2d:00:41:2b:c5:31:a4:8a:b0:e1:f9:d7:f6", "2lv6YbJAzRPaK9pnq0hrLw==", "R3", "us-east-1.mediator.vmsproxy.com", QMap((1, "us-east-1.mediator.vmsproxy.com")), QDateTime(2022-08-16 23:00:41.000 UTC Qt::UTC), QDateTime(2022-11-14 23:00:40.000 UTC Qt::UTC)), QSslCertificate("3", "91:2b:08:4a:cf:0c:18:a7:53:f6:d6:2e:25:a7:5f:5a", "6CnmXXxDB9b7wTwXngN6Ng==", "ISRG Root X1", "R3", QMap(), QDateTime(2020-09-04 00:00:00.000 UTC Qt::UTC), QDateTime(2025-09-15 16:00:00.000 UTC Qt::UTC)), QSslCertificate("3", "40:01:77:21:37:d4:e9:42:b8:ee:76:aa:3c:64:0a:b7", "weH/B/n2iEmCdNGhgFPqvw==", "DST Root CA X3", "ISRG Root X1", QMap(), QDateTime(2021-01-20 19:14:03.000 UTC Qt::UTC), QDateTime(2024-09-30 18:14:03.000 UTC Qt::UTC)) }
2022-09-02 09:38:35.487 794 VERBOSE nx::network::ssl::ConnectingPipeline(0x1d1eb814530): SSL error SSL_ERROR_SSL
2022-09-02 09:38:35.487 794 DEBUG nx::network::ssl::ConnectingPipeline(0x1d1eb814530): SSL fatal error 337047686. error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
The certificate is not verified when the mediaserver accesses a mediator link. This may result in issues even if the sync service is working now.
If the issue occurs again, the expired Root CA will need to be removed from the service certmgr.msc on Windows:

Figure 1

Resolution:

  • The current fix for this issue of Wave Sync not showing all tabs is to remove the expired certificate and reboot the server service. 

Step By Step for Removing Expired Windows Certificate:

 

1. Press and hold the CTRL key, then click the R key

2. Type certmgr.msc 

3. Press Enter

4. Navigate to Trusted Root Certificate Authorities (Figure 1)

5. Select the DST Root CA X3 (Expired 9/30/2021) (Figure 1)

6. Delete DST Root CA X3 (Expired 9/30/2021) (Figure 1)

 

certmgr--DSTRoot_CA_XA.pngFigure 1

7. Press and hold the CTRL key, then click the R key

8. Type services.msc 

9. Find the Hanwha Media Server

10. Right-click on the Hanwha Media Server service

11. Click Restart

NOTE: If after removing the expired certificate your server does not recover
Install the new certificate below

Step By Step for Removing Expired Linux Certificate:

 

1. Click on the Terminal icon (Figure 1)

 

mceclip0.png

Figure 1

2. Type sudo –s

3. Press Enter

4. Provide credentials for Linux

5. Press Enter

6. Type systemctl stop hanwha-mediaserver

7. Press Enter

8. Type nautilus

NOTE: nautilus is all lowercase

9. Press Enter

NOTE: Typing nautilus opens the: Linux version of Windows File Explorer,
once you execute the Nautilus command. That terminal session is closed

10. Select Filesystem from the left-hand menu (Figure 1)

11. In Nautilus/Filesystem navigate to: /opt/Hanwha/mediaserver/var/ssl (Figure 1)

 

mceclip0.png

Figure 1

 

12. Delete the Default.pem file

13. Click on the Terminal icon (Figure 2)

 

mceclip0.png

Figure 2

14. Type sudo –s

15. Provide credentials for Linux

16. Press Enter

17. Type systemctl start hanwha-mediaserver

18. Press Enter

 

Step By Step for Installing a New Certificate:

 

1. Download the latest certificate isrgrootx1.der

2. Double-click on the downloaded certificate

3. Click Install Certificate (Figure 1)

mceclip1.png

Figure 1

 

4. Select Local Machine (Figure 2)

5. Click Next(Figure 2)

 

mceclip2.png

Figure 2

6. Windows will prompt you to allow the program to install

7. Click Yes to allow the certificate to install

8. Select Place all Certificates in the following store (Figure 4)

9. Click Browse (Figure 3)

 

mceclip4.png

Figure 3

 

10. Select Trusted Root Certification Authorities (Figure 4)

 

mceclip5.png

Figure 4

 

11. Click Next

12. Click Finish to complete the import

13. Click OK (Figure 5)

 

mceclip6.png

Figure 5

 

 

14. Click Start in Windows

15. Type services.msc

16. Press Enter

17. Find Hanwha Media Server in Services

18. Right-click on Hanwha Media Server

19. Select restart

 

 

 

Related articles