Highlighted
Absent Member.
Absent Member.
171 views

IE reporting ‘the connection to this website is untrusted’ issue

Hi team

 

Good day.

 

 

I need some help about IE reporting ‘the connection to this website is untrusted’ issue.

Customer’s network structure is like the attachment ‘ALM_ucmdb_access_v0.1.vsd’ showed. There are 2 Data Centers in this environment. And, there are 2 UCMDB servers on each DC. The security message does not pop up when only DC 1 servers are up and running. As soon as customer brings any server in DC 2 up, the security message pops up again.

 

UCMDB login page can be showed without that warning. Login to UCMDB via the top layer LB’s VIP, after hit login, the security warning pops up. This is before the loading status is displayed. Click Continue, UCMDB page is loaded successfully.

 

I found there is a known issue(QCCR1H95264) which is similar with customer’s issue and have fixed in 10.11 CUP3. But the customer confirms that he still gets the same error as above.  I also asked customer add a line ‘Permissions: all-permissions’ into MANIFEST.MF in ucmdb server folder. It is followed by ‘http://www.javaquery.com/2013/10/this-application-will-be-blocked-in.html’

But it doesn’t work. I found a specific thing. We tested on 2 workstations. All of them are using IE8. But one’s JRE is 1.7.76 and the other one is 1.7.45.

On the host with JRE 1.7.45, it would show:

But on the host with JRE 1.7.76, it doesn’t show ‘This application will be blocked in a future java security update because the JAR file manifest does not contain the Permissions attribute. Please contact the publisher for more information’.

 

 

 

For UCMDB server’s configuration, the 4 servers have the same UCMDB version, CUP version(10.11 CUP3 now) and configurations.

  1. LDAP settings; done via UCMDB UI
  2. HA settings; add “java.additional.43=-Djgroups.bind_addr=<ip_address>” into E:\HP\UCMDB\UCMDBServer\bin\wrapper.conf file on all 4 servers where the <ip_address> is replaced with the IP address of the respective server.
  3. DB connection setting;  all 4 servers have the same connection files (E:\HP\UCMDB\UCMDBServer\conf\jdbc.properties  and E:\HP\UCMDB\UCMDBServer\conf\ucmdb-tnsnames.ora)
  4. Customer’s Root certificate is imported to E:\HP\UCMDB\UCMDBServer\bin\jre\lib\security\cacerts as trusted certificate.

 

In regards to LB’s configuration, the customer said the LB between DCs are the same and the correct certificate is installed. The certificate used is CA signed certificate. The LB’s public certificate is imported to E:\HP\UCMDB\UCMDBServer\bin\jre\lib\security\cacerts as trusted certificate on 4 servers. The certificate is also imported to IE’s trusted root certificate. They don’t believe it is the LB configuration issue because the error message that they are getting.; “JAR file manifest does not contain the Permissions attribute” error.

 

I checked more on customer’s environment. The load balancer does the certificate stripping. The traffic from client web browser is via HTTPS. When it hits the LB, the LB remove the certificate and pass the traffic to UCMDB server via http.

 

I suspect the issue is not on ucmdb side but on load balance now. But if we are going to say the issue is in the load balancer side, we need to advise the customer which configuration that needs to be checked. Or, what information from the load balancer side that we need before we say it is the load balance’s configuration issue?

Could you please give me an advice?

Regards,
Hao Yang

“HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.”

Click the KUDOS star on the left to say 'Thanks'
0 Likes
1 Reply
Highlighted
Outstanding Contributor.. Outstanding Contributor..
Outstanding Contributor..

Re: IE reporting ‘the connection to this website is untrusted’ issue

Hello Joker ,

 

I hope you are doing well .

 

Thanks for all the details in this thread .

 

I confirmed that the CUP 3 has a fix . We suggest that the best option is create a ticket to receive the oportunity and specific support in this issue .

 

Best regards,

Melissa Carranza Mejias
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the STAR at the bottom left of the post and show your appreciation. “
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.