How to forward request to backend server via HTTPS
Article ID: 207673
SITEMINDERCA Single Sign On Secure Proxy Server (SiteMinder)
Access Gateway is configured to forward request to backend server via HTTPS and getting the following error.
[02/01/2021][15:00:43][727f159a-84b236a1-c1cabf1a-b355dff2-01a54bf8-10][execute][Tried to send the request to backend web server three times.Throwing the exception to client. ] [02/01/2021][15:00:43][727f159a-84b236a1-c1cabf1a-b355dff2-01a54bf8-10][Noodle::doGet][com.ca.sso.smssl.SMSSLException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.ca.sso.smssl.socket.SMSSLSocketImpl.startHandshake(SMSSLSocketImpl.java:403)]
Release : 12.x.x
Component : Access Gateway
Access Gateway's Tomcat is a client to backend servers.
The configuration to the CA certificate store is defined in the server.conf as below.
This "ca-bundle.cert" is lacking the certificate chain of the backend server.
Obtain the certificate chain of backend HTTPS server in PEM/BASE64 format.
Append the backend certificate chain in to the "ca-bundle.cert" file.