Unable to authenticate via SSL with the certificate that has been applied to the Notification Server.
search cancel

Unable to authenticate via SSL with the certificate that has been applied to the Notification Server.


Article ID: 152026


Updated On:


IT Management Suite


The customer is trying to install Symantec Management Platform 7 (SMP Server) on a server that uses SSL. The SSL certificate was issued with this format: computername.domain.com.
In this implementation, the server is NOT a member of the domain. As well the client machines will be part of a workgroup.
During the initial installation for the Symantec Management Platform, the configuration used was left as "Default Web Site" and "computername.domain.com" with ports 80 and 443 for his SSL implementation.

SIM installed all the MSIs for the platform but as soon as the configuration process started, it failed when trying to reach "https://computername.domain.com/Altiris/NS/Services/NSConfigurationWebService.asmx".
The customer received an HTTP error 401 Unauthorized in the installation logs.
When we copied the affected link, we got a window asking for authentication. The customer added the Admin credentials and IIS didn't accept them. We got a message saying that the credentials were invalid.

We noticed that if we tried:

we get to the page fine but there is an error in the certificate, which is expected because the certificate was issued for "computername.domain.com"

We tried https://computername.domain.com/Altiris/NS/Services/NSConfigurationWebService.asmx again and we got the same authentication window.
We tried to add the SSL certificate as Altiris KB 237409 "Configuring the Symantec Management Platform to use HTTPS (SSL) instead of HTTP." suggested but we got the same authentication window.

When we removed the SSL certificate and removed the 443 port from the Default Web Site,  we could access the desired page just fine:
When we tried http://computername.domain.com/Altiris/NS/Services/NSConfigurationWebService.asmx we got an HTTP error 403.1. Usually, this is because the server is not part of a domain.


ITMS 8.x


The SSL Certificate didn't match the computer name. Since the Server was not part of a domain, the server had an incomplete entry and because the SSL certificate was issued to use an FQDN for the name, this caused issues during authentication.


Make sure that the server name matches the certificate name. In this particular case, since the server was in a workgroup, the 'domain.com' suffix was not part of the computer name. The SSL Certificate was issued in "computername.domain.com" format so it was not matching properly for validation.


1. Go to Start>My Computer> right-click>Properties
2. Under the 'Computer Name' tab, click on 'Change'
3. When the 'Computer Name Changes' window opens, click on 'More...'
4. Under the 'DNS Suffix and NetBIOS Computer Name', add the 'domain.com' entry for the 'Primary DNS suffix on this computer
5. Save changes

After following the steps above you should be able to restart the installation process and finish with the configuration process.