TCP Connection RST response from External AG server
Article ID: 192321
CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER
SSL is enabled on the Access Gateway server. When a user tries to access an Apache web server based application via Access Gateway, they get a "Site can't be accessed" error. The httpd error log contains the following messages:
[Mon Jun 01 15:50:44.900449 2020] [ssl:error] [pid 6672:tid 1776] [client XXX.XXX.XXX.XXX:38914] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
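The problem was that the customer had SSLVerifyClient set to "optional" on the Apache side. With this value, Apache requests a client certificate and tries to verify any certificate that is presented; Error (20) means the issuer of that certificate was not found among the CA certificates Apache trusts.
Release: 12.7
Component: SITEMINDER - WEB AGENT FOR APACHE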
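Set SSLVerifyClient to "optional_no_ca", or to "none" to disable client certificate verification completely. With "optional_no_ca", a presented client certificate is accepted even if its chain cannot be verified, so this setting cannot be relied on for client authentication.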
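To confirm that this article applies to a given instance, the check below (an added example, not part of the original article or any CA tooling) lists the active SSLVerifyClient directives in a config file and counts AH02039 Error (20) entries in an error log. The function names, temporary paths and vhost fragment are constructed for illustration; the log line is the one quoted above.

```shell
#!/bin/sh
# Added diagnostic sketch, not vendor tooling. File paths are supplied by the caller.

# List each active SSLVerifyClient directive as "line-number value".
# Apache directive names are case-insensitive; commented lines do not match.
verify_client_values() {
    awk 'tolower($1) == "sslverifyclient" {
             v = tolower($2); gsub(/"/, "", v); print FNR, v
         }' "$1"
}

# Count AH02039 entries carrying verify error 20 (issuer not found locally).
issuer_error_count() {
    grep -cF 'AH02039: Certificate Verification: Error (20)' "$1" || true
}

# Succeeds when the config has SSLVerifyClient optional AND the log shows the error.
article_applies() {
    n=$(issuer_error_count "$2")
    n=${n:-0}
    if verify_client_values "$1" | grep -q ' optional$' && [ "$n" -gt 0 ]; then
        echo "match: SSLVerifyClient optional, $n AH02039 Error (20) entries"
        return 0
    fi
    echo "no match"
    return 1
}

# Constructed sample config, plus the log line quoted in the article.
tmp=$(mktemp -d)
cat > "$tmp/ssl.conf" <<'EOF'
<VirtualHost *:443>
    SSLEngine on
    # SSLVerifyClient none
    SSLVerifyClient optional
</VirtualHost>
EOF
cat > "$tmp/error_log" <<'EOF'
[Mon Jun 01 15:50:44.900449 2020] [ssl:error] [pid 6672:tid 1776] [client XXX.XXX.XXX.XXX:38914] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
EOF
article_applies "$tmp/ssl.conf" "$tmp/error_log"
```

SSLVerifyClient can also be set per directory, so run the check against every included config file, not only the main one.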