Description:
Steps to secure the CA SDM Tomcat using a Self Signed Certificate are documented in the CA SDM Administrator Guide.
Once this has been completed, when users attempt to access CA SDM with IE using the SSL enabled URL of CA SDM Tomcat (ex: https://hostname:8443/CAisd/pdmweb.exe) , they may get a certificate error like: "There is a problem with this website's security certificate"
<Please see attached file for image>

The URL bar would also show an error like this:
<Please see attached file for image>

You could click on "Continue to this website (not recommended).", but the error keeps persisting for every new IE browser session against the CA SDM URL.
This document illustrates a high level overview of the steps that the CA SDM Administrator needs to follow to:
- Generate the Self Signed Certificate to secure CA SDM Tomcat
- Configure Internet Explorer users to accept the certificate without throwing a certificate error
Solution:
When generating the Self Signed SSL Certificate for CA SDM Tomcat using the steps mentioned in the CA SDM Administrator Guide:
- Ensure to use the SDM Server's Hostname as the Creator. For example, if your CA SDM sever hostname is casdm-prod, ensure to use this name when generating the certificate using genkey
- If you continue to get the error when accessing CA SDM via IE, left mouse click on the Certificate Error
<Please see attached file for image>

- Click View Certificates.
<Please see attached file for image>

- Ensure that the 'Issued to' field contains the hostname of the CA SDM Server being accessed via the IE Browser. If it is not, go back to regenerating the certificate again.
- Click on Install Certificate and click Next.
<Please see attached file for image>

- Select the option "Place all certificates in the following store" and click Browse.
<Please see attached file for image>

- Select Trusted Root Certification Authorities and click OK.
<Please see attached file for image>

- Click Next.
- Click Finish.
- Select Yes on the Security Warning.
- You will receive a message similar to the following:
<Please see attached file for image>

- Click OK on the next two (2) dialog boxes.
- Close all IE sessions and clear the web browser cache. Try to access the CA SDM Tomcat https URL. The certificate error should now disappear.
Notes:
- As this involves adding a certificate to IE's certificate store, it is advised to consult your Network/ Security administrator to review this process.
- Depending on the environment, you might also need the CA SDM URL to be added to the IE's Trusted Sites list. Consult with your Network/ Security administrator regarding this.