Browser randomly gets error 500

Article ID: 132519


Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

We're running CA Access Gateway (SPS) and users randomly get return
code 500 in the browser, and we want to know why and how to fix this.

Environment

Release: MSPPSF99000-12.51-Single Sign-On-Agent for Oracle PeopleSoft-MSP
Component:

Cause

The Policy Server fails to verify the certificate because the CA Root
certificate is outdated. It therefore returns an error to SPS, which
sends a 500 code back to the browser:

smtracedefault.log: 

  [05/02/2019][14:36:11.637][14:36:11][8093][4001557360][AuthnRequestProtocol.java] 
  [verifySignatureOnRequest][126359be-0239c034-8cc7d9da-5168aea0-ba8fa1ed-4b][][][] 
  [][][][][][][][][][][][][][][][][Exception processing signature: 
  Verifying certificate has expired][][][][][][][][][][][][][][][][][][][][][][][] 
  [][][][][][][][][][][][][][] 
  
  The preceding lines of the trace identify the certificate in use:

  DSigVerInfoSerialNumber=12ef11b2 
  DSigVerInfoIssuerDN=CN=myname,OU=myunit,O=myorganization,L=mycity,ST=mystate,C=mycountry, 

  Exporting the Policy Store data (XPSExport) gives the details of the
  certificate. Reading it with OpenSSL shows that this transaction uses
  the following certificate, which is outdated:

  <Property Name="CA.CDS::Certificate.Alias"> 
  <StringValue>my.cert.in.prod</StringValue> 
  Certificate: 
  Data: 
  Version: 3 (0x2) 
  Serial Number: 552568247 (0x12ef11b2) 
  Signature Algorithm: sha256WithRSAEncryption 
  Issuer: C = mycountry, ST = mystate, L = mycity, O = myorganization, OU = myunit, CN = myname 
  Validity 
  Not Before: Jan 22 07:00:00 2018 GMT 
  Not After : Apr 15 07:00:00 2018 GMT 
  Subject: C = mycountry, ST = mystate, L = mycity, O = myorganization, OU = myunit, CN = myname 
  Subject Public Key Info: 
  Public Key Algorithm: rsaEncryption 
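
The correlation described above (serial number from the trace, matched against the `openssl x509 -text` output of the exported certificates) can be scripted. This is an added example, not part of the original article or of the product; the sample input is constructed from the excerpts above, and the MM/DD/YYYY reading of the trace timestamp and the one-line layout of the trace entry are assumptions.

```python
import re
from datetime import datetime

SERIAL_RE = re.compile(r"DSigVerInfoSerialNumber=([0-9A-Fa-f]+)")
STAMP_RE = re.compile(r"\[(\d{2}/\d{2}/\d{4})\]\[(\d{2}:\d{2}:\d{2})")  # assumed MM/DD/YYYY
CERT_SERIAL_RE = re.compile(  # short form "552568247 (0x12ef11b2)" or long "0a:1b:..."
    r"Serial Number:\s*(?:\d+\s+\(0x([0-9a-f]+)\)|([0-9a-f:]+))", re.I)
NOT_AFTER_RE = re.compile(r"Not After\s*:\s*(.+?)\s+GMT")

def norm(serial):
    """Hex serial without colons or leading zeros, lower-case."""
    return serial.replace(":", "").lower().lstrip("0") or "0"

def cert_expiry(openssl_text):
    """Map serial -> Not After for each cert in `openssl x509 -text` output."""
    expiry = {}
    for block in openssl_text.split("Certificate:")[1:]:
        s, n = CERT_SERIAL_RE.search(block), NOT_AFTER_RE.search(block)
        if s and n:
            expiry[norm(s.group(1) or s.group(2))] = datetime.strptime(
                n.group(1), "%b %d %H:%M:%S %Y")
    return expiry

def expired_signers(trace, expiry):
    """(failure time, serial, Not After) per expired-certificate trace line."""
    findings, last_serial = [], None
    for line in trace.splitlines():
        m = SERIAL_RE.search(line)  # serial is logged before the failure line
        last_serial = norm(m.group(1)) if m else last_serial
        if "Verifying certificate has expired" in line and last_serial:
            t = STAMP_RE.search(line)
            when = t and datetime.strptime(" ".join(t.groups()), "%m/%d/%Y %H:%M:%S")
            findings.append((when, last_serial, expiry.get(last_serial)))
    return findings

# Constructed sample input, simplified from the excerpts in this article.
TRACE = ("DSigVerInfoSerialNumber=12ef11b2\n"
         "[05/02/2019][14:36:11.637][14:36:11][8093][4001557360][AuthnRequestProtocol.java][verifySignatureOnRequest][Exception processing signature: Verifying certificate has expired]\n")
CERTS = """Certificate:
    Serial Number: 552568247 (0x12ef11b2)
        Not After : Apr 15 07:00:00 2018 GMT
Certificate:
    Serial Number:
        0a:1b:2c:3d:4e:5f:60:71:82
        Not After : Jan  1 00:00:00 2030 GMT
"""

for when, serial, not_after in expired_signers(TRACE, cert_expiry(CERTS)):
    print(f"{when}: signer 0x{serial} expired on {not_after} GMT")
```

On a busy Policy Server, trace lines from different requests can interleave, so confirm each reported serial against the lines around the failure before acting on it.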
 

Resolution

- In the AdminUI, among your certificates, find the ones signed with
  this outdated certificate:

  <Property Name="CA.CDS::Certificate.Alias"> 
  <StringValue>my.cert.in.prod</StringValue> 

  Serial Number: 552568247 (0x12ef11b2) 
  Signature Algorithm: sha256WithRSAEncryption 
  Issuer: C = mycountry, ST = mystate, L = mycity, O = myorganization, OU = myunit, CN = myname 
  Validity 
  Not Before: Jan 22 07:00:00 2018 GMT 
  Not After : Apr 15 07:00:00 2018 GMT 
  Subject: C = mycountry, ST = mystate, L = mycity, O = myorganization, OU = myunit, CN = myname 
  Subject Public Key Info: 
  Public Key Algorithm: rsaEncryption 

  Then, in agreement with your partner, replace the certificate with
  a new one signed with an up-to-date CA Root certificate.