Failed to configure SSL on HPSM 9.41

Hi experts,

I am trying to configure SSL on HPSM 9.41. I have followed all the steps in the guide /hpeb/attachments/hpeb/itrc-695/88054/1/SM9.30_TSO_LWSSO_Configuring_Guide.pdf and when I try to access my FQDN via https, SM login page is able to show up. However, when I login, I am getting the error, Service Manager Server is currently not available, please try again later. Same goes for windows client. (refer attachment for error message screenshot.)

When I checked the log file, I saw these 2 messages: 

RTE E GetPreference DOS attack detected! Session will be terminated.

JRTE I My client (0054FAB270355B7A5F64AAAD3EFD5595) has died, no heartbeat

JRTE W Could not kill thread 0054FAB270355B7A5F64AAAD3EFD5595. (not in the map)

Also, attached the sm.log file for your references.

Kindly assist me on this.

 

Thank you

  • Hi jw91,

    Please check cacerts from RUN folder is the same used by web client and windows client. Also the port defined on both windows and web client needs to be HTTP (13080 - default).

    Test using parameter ssl_reqClientAuth:0 on sm.ini no need to restart and see if you still have the same problem. Also check the web application server logs (e.g. Tomcat) and looks for SSL related errors.

    Let me know what you find.

  • Verified Answer

    The client with which you are trying to connect does not have the server certificate (cacerts), so the message "DOS" is indicated, that is, it detects a denial of service attack

  • hi nrobayoevo,

    Thanks for your reply.

    Yes, that's exact;y why I'm getting this error.

    Just to addon, /hpeb/attachments/hpeb/itrc-695/88054/1/SM9.30_TSO_LWSSO_Configuring_Guide.pdf this guide is missing one step which leads to this error.

    At Task 2 subtask 1 step no4, we need to include the command below:

    keytool -import -trustcacerts -alias root - keystore ./servercert.keystore -file mycacert.pem

    Trust this root certificate and saved it in the keystore then only you can run the following command, 

    keytool -import -trustcacerts -alias myserver - keystore ./servercert.keystore -file smserver_cert.pem

    Else there will be an error, Failed to establish chain of reply.

    Same goes for Task 2, subtask 2, step no.4

     

    Thank you