Getting error while logging through trusted sign on via windows client

Hello Experts,

 

I am trying to connect SSL via windows client of HP Service Manager.

I am getting attached error..I am unable to login into SM via trusted sign on option.

I am getting below error in log files...also screenshot attached.

 

JRTE E No SSL certificate was presented by the peer!
6008( 7096) 11/05/2015 11:36:45 JRTE W Send error response: Client Authentication failed.

 

Regards,

 

Tags:

  • This error usually indicates the client SSL certificate is incorrect in some way. Is the WIndows Client configured to use the client SSL certificate? If so was the client SSL certifficate signed by same root CA as the server  certificate?

  •  

    Hello Expert,

     

    Thanks for your valid response. Windows client has configured with cacerts and client(FQDN).keystore

    Yes, client certificates has been generated in the same server where server certificate generated.

     

    I have generated server and windows client and web client certficates from SM application server only.

    Please suggest what I am doing wrong.

     

    Regards,

     

     

  • Go to the sm.ini and set the ssl_clientRequestAuth to 0

    ssl_clientRequestAuth:0

    Stop/restart Service Manager

    Test SSL login to Service Manager with the eclipse client

    Does it work? If so then go to the next step. If not then your server certificates are not working

    Set ssl_clientRequestAuth to 1

    ssl_clientRequestAuth:1

    Stop/restart Service Manager

    Does it work? If so go to the next step. If not then the problem is with the client SSL certificate

    Set ssl_clientRequestAuth 2

    ssl_clientRequestAuth:2

    Stop/Restart Service Manager

    Login to Service Manager with eclipse client

    Does it fail? If so then the problem is with the trustedclients.keystore on the server. More than likely the client certificate was not imported to it.

  • Hello Experts,

     

    Thanks for your reply. I will get back to you soon.

    Regards,

     

  • Hello Experts,

     

    I have tried with your options...still I am unable to login via windows client...when I set the parameter to 0, den again I am getting same error.  As you told it may be server certificate issue, so I have regenerated and tried again but result is same I got again.

     

    For creating certificates I am giving the  java_home path in server and client batch files before run from command prompt as:  java installation folder C:\Program Files\Java\jdk 1.7.0.75\jre ...  is this the right path?

     

    Please suggest.

     

    Regards,

  • Hello Experts,

     

    I have tried with your options...still I am unable to login via windows client...when I set the parameter to 0, den again I am getting same error.  As you told it may be server certificate issue, so I have regenerated and tried again but result is same I got again.

     

    For creating certificates I am giving the  java_home path in server and client batch files before run from command prompt as:  java installation folder C:\Program Files\Java\jdk 1.7.0.75\jre ...  is this the right path?

     

    Please suggest.

     

    Regards,

  • If you're getting SSL errors when the setting is at 0 then the server certificates are incorrect. When you created the self signed certificates did you encounter any errors? Which batch files are you referring to? Over time I know that a few consultants have created and published their own batch files to make certificate generation easier, but they'er not the 'end all' perfect toolset if something is not quite right on the system being used to create the certs. 

    First thing I would like to know is if you get an error when creating the server keystore and truststore. 

    If you add debughttp:1 to the sm.ini file and attempt to login what do you see in the sm.log file? 

     

  • Did you turn on the debugging parameters and run through the steps? As I mentioned, if it fails when the ssl parameter is set to 0 then the server certificates are not correct. The method of generating SSL certificates are not unqiue to Service Manager.