TCP Connection RST response from External AG server
Article ID: 192321
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER
Issue/Introduction
SSL is enabled on Access Gateway server.
When a user is trying to access Apache Webserver based application via Access Gateway they are getting "Site can't be accessed" error.
Httpd error log contains the following messages:
[Mon Jun 01 15:50:44.900449 2020] [ssl:error] [pid 6672:tid 1776] [client XXX.XXX.XXX.XXX:38914] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
When a user is trying to access Apache Webserver based application via Access Gateway they are getting "Site can't be accessed" error.
Httpd error log contains the following messages:
[Mon Jun 01 15:50:44.900449 2020] [ssl:error] [pid 6672:tid 1776] [client XXX.XXX.XXX.XXX:38914] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
Environment
Release : 12.7
Component : SITEMINDER -WEB AGENT FOR APACHE
Cause
The problem was that a customer had SSLVerifyClient value set to "optional" on Apache side.
Resolution
Set SSLVerifyClient to "optional_no_ca", or to "none" to completely disable it.
Feedback
Yes
No
Powered by
