Highlighted
Absent Member.
Absent Member.
728 views

GWMC SSL URL rewite

Not sure if someone can answer this, but I am trying to make it so customers can log into their admin portal for GWMC without knowing the service port.

The problem I'm having is, if the customer browser is sent via HTTP on port 8120 it gets redirected to HTTPS on the host IP address then you get a certificate error because its using the server IP Address.

i.e. http://gwmc.domain.com:8120 --> https://192.168.1.28:8120

Does anybody know an easy way to do this within gwmc? I know I can do a JavaScript rewrite, but since GWMC is already doing the redirect, how do I redirect it to the DNS host name instead of the IP address?
Labels (1)
0 Likes
4 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: GWMC SSL URL rewite

I am assuming that the current cert is the default generated one which is self signed.
With that you will always get an error until a give instance of a browser is told to always accept it, a feature not all browsers support.
To fix this you will have to do some work with the certificate, either manage to export the public key and import it to all the systems that would require it, or more elegantly would be to remint the certificate against a Certificate Authority that those systems either already trust or one that you can readily add to their trust.

from your example am assuming that this is for for internal as opposed to external users, and this is an important point to note as the CA options are different for the 3 and/or mix.
___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: GWMC SSL URL rewite

The server is actually using a 3rd party cert and that is working great for both mobile devices and admin portal.

The issue arises when the client browser uses HTTP instead of HTTPS for the initial URL.


>>> konecnya<konecnya@no-mx.forums.microfocus.com> 11/2/2015 6:26 PM >>>


I am assuming that the current cert is the default generated one which
is self signed.
With that you will always get an error until a give instance of a
browser is told to always accept it, a feature not all browsers
support.
To fix this you will have to do some work with the certificate, either
manage to export the public key and import it to all the systems that
would require it, or more elegantly would be to remint the certificate
against a Certificate Authority that those systems either already trust
or one that you can readily add to their trust.

from your example am assuming that this is for for internal as opposed
to external users, and this is an important point to note as the CA
options are different for the 3 and/or mix.


--
Andy of
KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php?userid=75037
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!
------------------------------------------------------------------------
konecnya's Profile: https://forums.novell.com/member.php?userid=75037
View this thread: https://forums.novell.com/showthread.php?t=494951
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: GWMC SSL URL rewite

In article <56386DFD.A42F.000C.1@grcc.edu>, Erich D. Flynn wrote:
> The server is actually using a 3rd party cert and that is working great for both mobile devices and admin

portal.
Ahh, that is good and answers many of the questions needed to move forward

> The issue arises when the client browser uses HTTP instead of HTTPS for the initial URL.

A) what is in /etc/HOSTNAME ?
Should match your gwmc.domain.com
B) what is in /etc/hosts relating to your public IP and the above host name. They should match.

I see that much of the relevant GMS bits are in what look like python and they point to different host type
variables. If they feed strait from the above two files, making sure they are correct may will sort you all
out with a reboot.

Of note, I don't see the remap to an IP address on the systems I can quickly check, with their HOSTNAME and
hosts files all pointing correctly.


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please show your appreciation by clicking on
the star below. Thanks!
GMS troubleshooting tips at http://www.konecnyad.ca/andyk/gwmobility.htm


___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: GWMC SSL URL rewite

Interesting, I checked HOSTNAME & hosts files and they are correct.

If this isn't a global issue with GWMC, then maybe I will do a rebuild of the server. This one hasn't been rebuilt since the transition from SLES10x32 to SLES11x64.

Thanks for your feedback Andy.


>>> Andy Konecny<konecnya@no-mx.forums.microfocus.com> 11/4/2015 12:31 PM >>>

In article <56386DFD.A42F.000C.1@grcc.edu>, Erich D. Flynn wrote:

> The server is actually using a 3rd party cert and that is working great for both mobile devices and admin

portal.
Ahh, that is good and answers many of the questions needed to move forward


> The issue arises when the client browser uses HTTP instead of HTTPS for the initial URL.

A) what is in /etc/HOSTNAME ?
Should match your gwmc.domain.com
B) what is in /etc/hosts relating to your public IP and the above host name. They should match.

I see that much of the relevant GMS bits are in what look like python and they point to different host type
variables. If they feed strait from the above two files, making sure they are correct may will sort you all
out with a reboot.

Of note, I don't see the remap to an IP address on the systems I can quickly check, with their HOSTNAME and
hosts files all pointing correctly.


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please show your appreciation by clicking on
the star below. Thanks!
GMS troubleshooting tips at http://www.konecnyad.ca/andyk/gwmobility.htm
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.