[SiteMinder][AccessGateway] How to forward requests to the backend server via HTTPS
Article ID: 207673
Products
SITEMINDER
CA Single Sign On Secure Proxy Server (SiteMinder)
Issue/Introduction
Access Gateway is configured to forward requests to the backend server via HTTPS, and the following error occurs.
[02/01/2021][15:00:43][2112][4584][727f159a-84b236a1-c1cabf1a-b355dff2-01a54bf8-10][execute][Tried to send the request to backend web server three times.Throwing the exception to client. ]
[02/01/2021][15:00:43][2112][4584][727f159a-84b236a1-c1cabf1a-b355dff2-01a54bf8-10][Noodle::doGet][com.ca.sso.smssl.SMSSLException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.ca.sso.smssl.socket.SMSSLSocketImpl.startHandshake(SMSSLSocketImpl.java:403)]
Environment
Release : 12.x.x
Component : Access Gateway
Cause
Access Gateway's Tomcat acts as a client to the backend servers.
The CA certificate store configuration is defined in server.conf as below.
This "ca-bundle.cert" file lacks the certificate chain of the backend server.
Resolution
Obtain the certificate chain of the backend HTTPS server in PEM/BASE64 format.
Append the backend certificate chain to the "ca-bundle.cert" file.
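The append step as an added example, not part of the original article and not product code: it adds only the certificates that "ca-bundle.cert" does not already contain (compared by SHA-256 of the decoded certificate), keeps a ".bak" copy of the bundle, and guards against a missing final newline fusing two PEM blocks. The function names and the chain file name "backend-chain.pem" are assumptions.

```python
import base64, hashlib, re, shutil, sys
from pathlib import Path

# Matches each PEM certificate block, even when two blocks were fused on one line.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)
ENC = "latin-1"  # round-trips any comment bytes already in the bundle

def pem_certs(text):
    """Return [(sha256 hex of the decoded bytes, re-wrapped PEM block), ...]."""
    found = []
    for match in PEM_RE.finditer(text):
        der = base64.b64decode("".join(match.group(1).split()))
        b64 = base64.b64encode(der).decode()
        body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
        pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
        found.append((hashlib.sha256(der).hexdigest(), pem))
    return found

def append_chain(bundle_path, chain_path):
    """Append chain certificates the bundle lacks; return their fingerprints."""
    bundle = Path(bundle_path)
    text = bundle.read_text(encoding=ENC)
    present = {fp for fp, _ in pem_certs(text)}
    missing = []
    for fp, pem in pem_certs(Path(chain_path).read_text(encoding=ENC)):
        if fp not in present:          # skip certificates already in the bundle
            present.add(fp)
            missing.append((fp, pem))
    if not missing:
        return []                      # nothing to do, bundle left untouched
    shutil.copy2(bundle, bundle.with_name(bundle.name + ".bak"))  # rollback copy
    if text and not text.endswith("\n"):
        text += "\n"  # otherwise the END and BEGIN lines fuse into one line
    bundle.write_text(text + "".join(pem for _, pem in missing), encoding=ENC)
    return [fp for fp, _ in missing]

if __name__ == "__main__":
    # Usage (file names are assumptions): script.py ca-bundle.cert backend-chain.pem
    for fp in append_chain(sys.argv[1], sys.argv[2]):
        print("added certificate, SHA-256:", fp)
```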