Tech Tip : CA Single Sign-On : Unable To Load Certificate - SPS https issue with Back End Server

Document created by Osarobo_Idehen Employee on Apr 21, 2017
Version 1

Issue:

We are trying to add a new certificate for connecting via SSL to a back end web server using https.

We correctly added the certificate to the ca-bundle.cert file, but the webagent trace log is reporting errors while accessing the back end server via https:

[Certificate for <abc.xyz.mno.com/xx.yy.xx.yy> is not trusted or bad certificate]

 

Environment:

SiteMinder Agent for SharePoint, Version 12.52 SP01, Update None, Build 499

Cause:

The Back End Server was configured with TLS 1.3, which is not yet supported by the SPS 12.51 SP1.

12.52 SP1 SPS only supports TLSv1

server.conf:
<sslparams>
# Set the SSL protocol version to support: SSLv3, TLSv1
# NOTE: SSL version 2 is no longer supported

 

Resolution:

Relaxing the TLS version constraint on the back end server, so that it accepts a protocol version the SPS supports, resolved the issue.

 

Additional Information:

SPS/Agent for SharePoint 12.52 SP1 CR4 and above now support TLSv1, TLSv1.1, and TLSv1.2.

Agent for SharePoint fails to connect to the backend server using the TLS protocol v1.1 or v1.2 (RTC 161547 / DE81766)

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr04

server.conf:
<sslparams>
# Set the SSL protocol version to support: TLSv1, TLSv1.1, and TLSv1.2
# NOTE: SSLv2 and SSLv3 are not recommended to be used
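
The trace log message points at certificate trust, while the cause above is a protocol version mismatch. The following added example (not CA code, and not part of the original document) probes a back end server one TLS version at a time and separates the two cases; the function names, outcome labels and the proxy_versions parameter are assumptions made for illustration, and cafile is meant to point at the same ca-bundle.cert the SPS uses.

```python
import socket
import ssl

# One handshake per version; SSLv3 is omitted because current OpenSSL builds drop it.
VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def probe(host, port, cafile=None, timeout=5.0):
    """Return {version: "ok" | "untrusted" | "rejected" | "unreachable"}."""
    results = {}
    for name, version in VERSIONS.items():
        ctx = ssl.create_default_context(cafile=cafile)  # e.g. the SPS ca-bundle.cert
        try:
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let the local client offer legacy TLS
        except ssl.SSLError:
            pass  # library without security levels: keep its defaults
        try:
            sock = socket.create_connection((host, port), timeout=timeout)
        except OSError:
            results[name] = "unreachable"
            continue
        with sock:
            try:
                ctx.minimum_version = ctx.maximum_version = version
                with ctx.wrap_socket(sock, server_hostname=host):
                    results[name] = "ok"
            except ssl.SSLCertVerificationError:
                results[name] = "untrusted"  # version accepted, chain or hostname rejected
            except (OSError, ValueError):
                results[name] = "rejected"  # no handshake at this version
    return results

def diagnose(results, proxy_versions):
    """Classify the outcome for a proxy limited to proxy_versions."""
    if results and set(results.values()) == {"unreachable"}:
        return "unreachable"
    accepted = {v for v, r in results.items() if r in ("ok", "untrusted")}
    common = accepted & set(proxy_versions)
    if not common:
        return "protocol-mismatch"
    if all(results[v] == "untrusted" for v in common):
        return "untrusted-certificate"
    return "ok"
```

Run probe() from the SPS host against the back end's host name and https port, then pass the result to diagnose() with the version list from the server.conf comment for the installed release.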

 

 

KD: TEC1301348
