Unable To Load Certificate - SPS https issue with Back End Server

Article ID: 6450

Products

CA Single Sign On Secure Proxy Server (SiteMinder), AXIOMATICS POLICY SERVER, CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

We are trying to add a new certificate for connecting over SSL to a back end web server using HTTPS.

We correctly added the certificate to the ca-bundle.cert file, but the web agent trace log reports the following error when accessing the back end server via HTTPS:

[Certificate for <abc.xyz.mno.com/xx.yy.xx.yy> is not trusted or bad certificate]

Cause

The back end server was configured with TLS 1.3, which is not yet supported by SPS 12.51 SP1.

12.52 SP1 SPS only supports TLSv1.

server.conf:
<sslparams>
# Set the SSL protocol version to support:SSLv3, TLSv1
# NOTE: SSL version 2 is no longer supported

Environment

SiteMinder Agent for SharePoint, Version 12.52 SP01, Update None, Build 499

Resolution

Relaxing the constraint resolved the issue.

Additional Information

SPS/Agent for SharePoint 12.52 SP1 CR4 and above now support TLSv1, TLSv1.1, and TLSv1.2.

Agent for SharePoint fails to connect to the backend server using the TLS protocol v1.1 or v1.2 (RTC 161547 / DE81766)

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr04

server.conf:
<sslparams>
# Set the SSL protocol version to support: TLSv1, TLSv1.1, and TLSv1.2
# NOTE: SSLv2 and SSLv3 are not recommended to be used
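
The trace-log message names the certificate, although the cause here was a protocol version mismatch. The following added example (not part of the original article or the vendor's tooling) probes which TLS versions a back end accepts and compares them with the two protocol sets quoted from server.conf above; the names `probe` and `diagnose` and the verdict strings are hypothetical.

```python
import socket
import ssl
import sys

# Protocol sets copied from the two server.conf comments in this article.
SPS_BEFORE_CR4 = {"TLSv1"}
SPS_CR4_AND_LATER = {"TLSv1", "TLSv1.1", "TLSv1.2"}

VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def probe(host, port, name, timeout=5.0):
    """Return True if the server completes a handshake pinned to one version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Certificate trust is deliberately ignored: only the protocol is tested.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = VERSIONS[name]
        ctx.maximum_version = VERSIONS[name]
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() == name
    except (OSError, ValueError):
        # Also raised when the local OpenSSL build refuses TLSv1/TLSv1.1,
        # so a False for those versions may reflect this client, not the server.
        return False

def diagnose(accepted, sps_supported):
    """Return (shared protocol versions, verdict) for the trace-log error."""
    shared = sorted(set(accepted) & set(sps_supported))
    if shared:
        # A common version exists, so look at the CA bundle and host name.
        return shared, "check_trust"
    if accepted:
        return shared, "protocol_mismatch"
    return shared, "unreachable_or_unprobed"

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: tls_probe.py HOST PORT")
    host, port = sys.argv[1], int(sys.argv[2])
    accepted = [v for v in VERSIONS if probe(host, port, v)]
    print(host, accepted, diagnose(accepted, SPS_CR4_AND_LATER))
```

A `protocol_mismatch` verdict means no certificate change in the CA bundle will clear the error until the proxy and back end share a protocol version.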