Knowledge Doc: After upgrading the NAM Appliance to version 5.0.3 browser clients fail to connect due to certificate validation

0 Likes

Summary
After upgrading the Access Manager Appliance from 5.0.2 to 5.0.3 proxy service will send the server certificate only during the SSL handshake

Products
Access Manager (NAM)

Environment
Access Manager Appliance (SingleBox Solution) Version 5.0.3

Situation
Running an SSL Handshake the Server Certificate send just includes the Server Certificate but is missing any root certificates like in the example below

➤ openssl s_client -connect nam.kgast.local:443 -showcerts 
CONNECTED(00000004)
depth=0 CN = nam.kgast.local
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = nam.kgast.local
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:CN = nam.kgast.local
 i:OU = Organizational CA, O = NAM_TREE
-----BEGIN CERTIFICATE-----
MIIE7TCCA9WgAwIBAgIUJtqBlUchJuEbihY24Tpk0ERpdpAwDQYJKoZIhvcNAQEL
+++
++++++
eqZVT1sqAVl8PTeVmW+q1hU=
-----END CERTIFICATE-----
---
Server certificate
subject=CN = nam.kgast.local
issuer=OU = Organizational CA, O = NAM_TREE


Read Full Knowledge Base Article for additional certificate examples, issues and resolution.


URL Name
KM000011980

Labels:

Knowledge Docs
Comment List
Related
Recommended