How to put IdM User Console 12.6.7 with HTTPS (cert signed by MS CA)?

Question asked by docldap on Jul 4, 2017
Latest reply on Sep 7, 2017 by docldap

Hi experts,

We are dealing with an issue here, because our goal is to set up IDM User Console over HTTPS. The app server is JBoss EAP 6.3.

Following the JBoss documentation, we created a key and made the CSR request, so a CA from our client (Microsoft CA) signed the cert. The chain has an intermediate certificate, so in fact there are 3 (IDM server certificate, intermediate and root).

Doing that, we cannot access the HTTPS site. In Wireshark, we see that the browser performs its client hello correctly, but the server responds with an SSL handshake failure (no details in the SSL record, nor in the JBoss log; we also set javax.net.debug=all, and no error regarding the handshake is seen in the JBoss server.log).

On the other hand, we tried with a self-signed certificate (both the first scenario's certificate and the self-signed one were made in the same way, using the keytool command). Using a keystore with the self-signed certificate, the HTTPS connection works fine, but of course we need to do it with a certificate signed by a local CA here.

In all cases, the alias is always "tomcat".

Have any of you faced this issue with JBoss? I think that perhaps the MS Certificate Template with which the certificate is signed could be the cause; I am still investigating and doing more tests.

Thanks a lot.
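
One check for the keystore described in the question, as an added example that is not part of the original post: it verifies that alias "tomcat" is a private-key entry carrying the three-certificate chain in order and, if the server certificate carries an extended key usage, that it allows serverAuth. The listings are constructed and abridged, and `check_listing`, `sample_complete` and `sample_leaf_only` are hypothetical names.

```shell
# Added example: reads `keytool -list -v` output on stdin. Real use (path is a placeholder):
#   keytool -list -v -keystore /path/to/keystore.jks -alias tomcat | check_listing tomcat 3
check_listing() {  # $1 = alias, $2 = expected chain length (server + intermediate + root)
  awk -v alias="$1" -v want="$2" '
    /^Alias name: /               { in_alias = ($3 == alias) }
    !in_alias                     { next }
    /^Entry type: /               { type = $3 }
    /^Certificate chain length: / { len = $4 }
    /^Certificate\[[0-9]+\]:/     { n++ }
    /^Owner: /                    { owner[n] = substr($0, 8) }
    /^Issuer: /                   { issuer[n] = substr($0, 9) }
    n == 1 && /ExtendedKeyUsages/ { eku = 1 }
    n == 1 && /serverAuth/        { sa = 1 }
    END {
      bad = 0
      # A trustedCertEntry holds no private key, so the server cannot present it.
      if (type != "PrivateKeyEntry") { print "FAIL: entry type is " (type == "" ? "missing" : type); bad = 1 }
      if (len != want) { print "FAIL: chain length " (len + 0) ", expected " want; bad = 1 }
      # Each certificate must be issued by the next one in the chain.
      for (i = 1; i < n; i++)
        if (issuer[i] != owner[i + 1]) { print "FAIL: chain order breaks after Certificate[" i "]"; bad = 1 }
      # If the template set an EKU on the server certificate, it must allow serverAuth.
      if (eku && !sa) { print "FAIL: server certificate EKU lacks serverAuth"; bad = 1 }
      if (!bad) print "OK: " alias " is a PrivateKeyEntry with a chain of " len
      exit bad
    }'
}
sample_complete() {  # constructed, abridged listing: key entry with all three certificates
  cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=idm.example.test
Issuer: CN=Example Issuing CA
ExtendedKeyUsages [
  serverAuth
]
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
EOF
}
# Constructed: the same entry with only the server certificate imported.
sample_leaf_only() { sample_complete | sed -e 's/length: 3/length: 1/' -e '/^Certificate\[2\]/,$d'; }
sample_complete | check_listing tomcat 3
sample_leaf_only | check_listing tomcat 3 || true
```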
