[SiteMinder][AccessGateway] How to forward request to backend server via HTTPS

Article ID: 207673

Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

Access Gateway is configured to forward requests to a backend server via HTTPS, and the following error is logged:
[02/01/2021][15:00:43][2112][4584][727f159a-84b236a1-c1cabf1a-b355dff2-01a54bf8-10][execute][Tried to send the request to backend web server three times.Throwing the exception to client. ]
[02/01/2021][15:00:43][2112][4584][727f159a-84b236a1-c1cabf1a-b355dff2-01a54bf8-10][Noodle::doGet][com.ca.sso.smssl.SMSSLException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.ca.sso.smssl.socket.SMSSLSocketImpl.startHandshake(SMSSLSocketImpl.java:403)]

Cause

Access Gateway's Tomcat is a client to backend servers.

The configuration to the CA certificate store is defined in the server.conf as below.

The "ca-bundle.cert" file lacks the certificate chain of the backend server, so the certificate the backend presents during the TLS handshake cannot be validated.

Environment

Release : 12.x.x

Component : Access Gateway

Resolution

Obtain the certificate chain of the backend HTTPS server in PEM/BASE64 format.

Append the backend certificate chain to the "ca-bundle.cert" file.

Restart the Access Gateway service.
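The append step, as an added example (not Broadcom's code): it adds only the certificates the bundle does not already hold, keeps a ".bak" copy, and guards against a bundle with no final newline, which would otherwise fuse the END and BEGIN markers. The function names are hypothetical, and the sample blocks are constructed placeholder bytes, not real certificates.

```python
import base64, hashlib, re, shutil, tempfile
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_blocks(text):
    """Return [(sha256 hex of the DER bytes, re-wrapped PEM block), ...]."""
    blocks = []
    for match in PEM_RE.finditer(text):
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        b64 = base64.b64encode(der).decode()
        body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
        blocks.append((hashlib.sha256(der).hexdigest(),
                       "-----BEGIN CERTIFICATE-----\n" + body +
                       "\n-----END CERTIFICATE-----\n"))
    return blocks

def append_chain(bundle_path, chain_pem):
    """Append certificates missing from the bundle; return their fingerprints."""
    chain = pem_blocks(chain_pem)
    if not chain:
        raise ValueError("no PEM CERTIFICATE block found (DER input?)")
    bundle = Path(bundle_path)
    existing = bundle.read_text()
    seen = {fp for fp, _ in pem_blocks(existing)}
    added = []
    for fp, pem in chain:
        if fp not in seen:
            seen.add(fp)
            added.append((fp, pem))
    if added:
        shutil.copy2(bundle, bundle.with_name(bundle.name + ".bak"))  # rollback copy
        # A bundle without a final newline would fuse the END/BEGIN markers.
        sep = "" if existing == "" or existing.endswith("\n") else "\n"
        bundle.write_text(existing + sep + "".join(p for _, p in added))
    return [fp for fp, _ in added]

if __name__ == "__main__":
    def fake(label):  # constructed placeholder bytes, not a real certificate
        return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(label).decode()
                + "\n-----END CERTIFICATE-----")
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "ca-bundle.cert"      # temporary stand-in for the real file
        bundle.write_text(fake(b"existing-root"))  # deliberately no trailing newline
        chain = fake(b"backend-intermediate") + "\n" + fake(b"backend-root") + "\n"
        print(append_chain(bundle, chain))  # fingerprints of the two new blocks
        print(append_chain(bundle, chain))  # nothing left to add on a second run
```

Compare the returned SHA-256 fingerprints with the values supplied by the owner of the backend certificate before restarting the service, since every certificate in this file becomes a trust anchor for backend connections.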
