ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Siteminder Secure Proxy Server logging Bad Certificate errors in server.log


Article ID: 53312


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



An SSL certificate is install or updated on a back-end web server, and the SPS begins logging...

[][ERROR] Exception caught. Message is: proxy: com.rsa.ssl.AlertedException Bad certificate

in the server.log


Please perform the following steps...

  1. Acquire root ca cert in PEM format (base64) for the CA that signed/created the Server Cert for back-end web server.

  2. Test the root ca certificate using a browser to validate the root ca certificate is listed in the browsers trusted ca's. The Browser should not throw any security warnings.

  3. After the root ca ertificate has been verified, the root ca certificate needs to be add to the cabundle file in the SPS. The root ca certificate in base64 PEM format should look something like...

    klhOy A bunch of stuff MIICPTCC
    -----END CERTIFICATE-----

  4. After the root ca certificate has been added to the end of the cabundle file and the file has been saved, restart the SPS to load the newly added root ca certificate.


Component: SMSPS