Error : back-end Server (sernername) Certificate presented is bad SPS
Article ID: 7964
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
SITEMINDER
Issue/Introduction
When trying to reverse proxy to Wildfly 8.2 Jboss on https port from
CA Access Gateway (SPS). Though both Apache on CA Access Gateway (SPS)
and Jboss are listening on https ports, but when the reverse proxy
rule is configured to forward request to Jboss on https port it fails
with a noodle error.
The back-end Server(sernername) Certificate presented is bad
spsagenttrace.log :
[08/04/2017][12:44:17][5004][884][33b5b34e-f64f45eb-91beae44-a318f9e8-2f66bc4d-49][execute]
[Tried to send the request to backend web server three times.Throwing the exception to client. ]
[08/04/2017][12:44:17][5004][884][33b5b34e-f64f45eb-91beae44-a318f9e8-2f66bc4d-49]
[Noodle::doGet][com.rsa.ssl.SSLException: Certificate for <abc.xyz.com/192.168.1.2>
is not trusted or bad certificate
at com.netegrity.util.security.rsa.AbstractHostVerifier.verify(Unknown Source)]
When proxy rule is configured to forward request to Jboss on http port it works.
Environment
CA Access Gateway (SPS) 12.6 SP1
Cause
The back-end Server Certificate was not in the ca-bundle.cert of the
CA Access Gateway (SPS).
Resolution
Adding the self-signed certificate of the back-end server in the
ca-bundle.cert file resolved the issue (1).
Additional Information
(1)
Configuring SSL on HttpClient Noodle Manually
Download and Install the Certificates from the Certificate Authority
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/access-gateway-configuration/configuring-ssl-for-access-gateway/configuring-ssl-on-httpclient-noodle-manually.html
Feedback
Yes
No
Powered by
