SPS Error : back-end Server (servername) Certificate presented is bad
search cancel

SPS Error : back-end Server (servername) Certificate presented is bad

book

Article ID: 7964

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

 

When trying to reverse proxy to Wildfly Jboss on https port from Symantec Access Gateway (SPS). Though both Apache on Symantec Access Gateway (SPS) and Jboss are listening on https ports, but when the reverse proxy rule is configured to forward request to Jboss on https port it fails with a noodle error.

   The back-end Server(<servername>) Certificate presented is bad

spsagenttrace.log :

[08/04/2017][12:44:17][5004][884][][execute][Tried to send the request to backend web server three times.Throwing the exception to client. ]

[08/04/2017][12:44:17][5004][884][][Noodle::doGet][com.rsa.ssl.SSLException: Certificate for <_host.example.com/10.0.0.1> is not trusted or bad certificate at com.netegrity.util.security.rsa.AbstractHostVerifier.verify(Unknown Source)]

When proxy rule is configured to forward request to Jboss on http port it works.

 

Environment

Symantec Access Gateway (SPS) Any

 

Cause

 

The back-end Server Certificate was not in the ca-bundle.cert of the Symantec Access Gateway (SPS).

 

Resolution

 

Adding the self-signed certificate of the back-end server in the ca-bundle.cert file resolved the issue (1).

 

Additional Information

Powered by Wolken Software