Configure proxy rule to redirect the request to the backend https enabled application URL.
We are getting an error Noodle_GenericException at browser.
From SPS server.log or nohup.log, we can confirm trusted certificate found
[06/Mar/2017:11:08:14-985] [INFO] - Found trusted certificate: [
Serial Number: 1234567890000000000
SignatureAlgorithm: SHA256withRSA (1.2.840.1234188.8.131.52)
Issuer Name: CN=SMSSO, OU=Support, O=CA, L=AUS, ST=AUS, C=AUS
Validity From: Fri Mar 03 14:51:52 CST 2017
To: Thu Feb 21 14:51:52 CST 2019
Subject Name: CN=my.smdemo.com, OU=Support, O=CA, L=AUS, ST=AUS, C=AUS
but later reported Internal error
[06/Mar/2017:11:08:15-016] [INFO] - ***Created and initialized encryption cipher
[06/Mar/2017:11:08:15-016] [INFO] - CipherAlg: AES/CBC/NoPadding
[06/Mar/2017:11:08:15-016] [INFO] - CipherKey: 12345..a53c46a643d66890e2dee0f43096632c1a6ae0bed0b7c288e91685a7c35
[06/Mar/2017:11:08:15-016] [INFO] - ***Created and initialized Mac
[06/Mar/2017:11:08:15-016] [INFO] - MacAlg: HmacSHA1
[06/Mar/2017:11:08:15-016] [INFO] - MacKey: 12345..3f8a49733025b5c9139dd9412c34606e8e1
[06/Mar/2017:11:08:15-016] [INFO] - Mac length used: 20
[06/Mar/2017:11:08:15-016] [INFO] - ***SEND Alert Fatal, Internal Error
Based on the flow in server log, SPS is able to find the trusted CA but get an error when it try to create and initialized encryption cipher. This is an indication JCE patch not apply causing the issue.
JRE need to have JCE patched
Snippet from documentation:
JCE patches required -- The current Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction patches are required to use the Java cryptographic algorithms. To locate the JCE package for your operating platform, go to the Oracle website.
Apply the patches to the following files on your system:
These files are in the following directories:
jre_home specifies the location of the Java Runtime Environment installation.
Enable logging to debug SSL in SPS
For SPS the files to apply that debug setting are :
Windows : proxy-engine/conf/SmSpsProxyEngine.properties
Unix : proxy-engine/proxyserver.sh
Need to add the parameter -Djavax.net.debug=all to the java startup command.