Wikis - Page

Knowledge Doc: "Unsupported or unrecognized SSL message" error after replacing the eSP proxy certificate.

0 Likes

Summary
After replacing the eSP proxy certificate, users began having issues authenticating and were receiving a "100101043" error indicating that the IDP (Identity Provider) could not load the eSP metadata. The error "Unsupported or unrecognized SSL message" appeared in the catalina log.

Products
Access Manager (NAM)

Environment
Access Manager 5.0.2

Situation
The eSP (Embedded Service Provider) proxy certificate was replaced and users began complaining of authentication issues.
The user would receive a "100101043" error indicating that the IDP (Identity Provider) could not load the eSP metadata.

Cause
This metadata was being requested from the wrong URL.
Unable to load metadata for Embedded Service Provider: https://apps.example.com.au:80/nesp/idff/metadata
The request should be http or the port should be 443
e.g


http://apps.example.com.au:80/nesp/idff/metadata


or
https://apps.example.com.au:443/nesp/idff/metadata


This was not a configuration issue, this was caused by some underlying linking issue with the eSP and new certificate and was corrected by reassigning the proxy to the eSP and updating all Access Gateways.

Read Full Knowledge Base Article for Resolution



URL Name
KM000016311

Labels:

Support Tips/Knowledge Docs
Comment List
Related
Recommended