How to resolve a Certificate Error with Internet Explorer (IE) similar to "There is a problem with this website's security certificate." when using CA Service Desk Manager (CA SDM) Tomcat with a Self Signed Certificate?

book

Article ID: 49136

calendar_today

Updated On:

Products

CA IT Asset Manager CA Software Asset Manager (CA SAM) ASSET PORTFOLIO MGMT- SERVER SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Description:

Steps to secure the CA SDM Tomcat using a Self Signed Certificate are documented in the CA SDM Administrator Guide.

Once this has been completed, when users attempt to access CA SDM with IE using the SSL enabled URL of CA SDM Tomcat (ex: https://hostname:8443/CAisd/pdmweb.exe) , they may get a certificate error like: "There is a problem with this website's security certificate"

<Please see attached file for image>

Figure 1

The URL bar would also show an error like this:

<Please see attached file for image>

Figure 2

You could click on "Continue to this website (not recommended).", but the error keeps persisting for every new IE browser session against the CA SDM URL.

This document illustrates a high level overview of the steps that the CA SDM Administrator needs to follow to:

  1. Generate the Self Signed Certificate to secure CA SDM Tomcat

  2. Configure Internet Explorer users to accept the certificate without throwing a certificate error

Solution:

When generating the Self Signed SSL Certificate for CA SDM Tomcat using the steps mentioned in the CA SDM Administrator Guide:

  1. Ensure to use the SDM Server's Hostname as the Creator. For example, if your CA SDM sever hostname is casdm-prod, ensure to use this name when generating the certificate using genkey

  2. If you continue to get the error when accessing CA SDM via IE, left mouse click on the Certificate Error

    <Please see attached file for image>

    Figure 3

  3. Click View Certificates.

    <Please see attached file for image>

    Figure 4

  4. Ensure that the 'Issued to' field contains the hostname of the CA SDM Server being accessed via the IE Browser. If it is not, go back to regenerating the certificate again.

  5. Click on Install Certificate and click Next.

    <Please see attached file for image>

    Figure 5

  6. Select the option "Place all certificates in the following store" and click Browse.

    <Please see attached file for image>

    Figure 6

  7. Select Trusted Root Certification Authorities and click OK.

    <Please see attached file for image>

    Figure 7

  8. Click Next.

  9. Click Finish.

  10. Select Yes on the Security Warning.

  11. You will receive a message similar to the following:

    <Please see attached file for image>

    Figure 8

  12. Click OK on the next two (2) dialog boxes.

  13. Close all IE sessions and clear the web browser cache. Try to access the CA SDM Tomcat https URL. The certificate error should now disappear.

Notes:

  • As this involves adding a certificate to IE's certificate store, it is advised to consult your Network/ Security administrator to review this process.

  • Depending on the environment, you might also need the CA SDM URL to be added to the IE's Trusted Sites list. Consult with your Network/ Security administrator regarding this.

Environment

Release: UAPMAC990JPP-12.6-Asset Portfolio Management-Asset Configuration
Component:

Attachments

1558721429348000049136_sktwi1f5rjvs16w29.gif get_app
1558721427667000049136_sktwi1f5rjvs16w28.gif get_app
1558721425851000049136_sktwi1f5rjvs16w27.gif get_app
1558721424188000049136_sktwi1f5rjvs16w26.gif get_app
1558721422315000049136_sktwi1f5rjvs16w25.gif get_app
1558721420394000049136_sktwi1f5rjvs16w24.gif get_app
1558721418741000049136_sktwi1f5rjvs16w23.gif get_app
1558721416795000049136_sktwi1f5rjvs16w22.gif get_app