
NGINX Troubleshooting

Hi!

I am writing this as a future reference for myself and possibly for others that run into issues with NGINX as the new form endpoint as part of IDApps.

These issues were found on a 4.8.1. On this environment I had to uninstall and reinstall due to issues with the database, so the errors could come from uninstalling and installing the software. However, I suspect it could help others in troubleshooting NGINX.

In the file /opt/netiq/common/nginx/nginx.conf the port and server name were missing. The correct one should look like:

    server {
        listen 8600 ssl;
        server_name  myidapps.company.com;

Also check and make sure the URL to IDProv is correct in /opt/netiq/idm/apps/sites/ServiceRegistry.json.

On one server it stated that the package netiq-openssl-1.0.2u-32.x86_64 was installed, but there was no /opt/netiq/common/openssl folder. This was resolved with "rpm -ivh netiq-openssl-1.0.2u-32.x86_64.rpm --reinstall" from the 4.8.0 installation media (folder /IDM/packages/OpenSSL/x86_64/netiq-openssl-1.0.2r-33.x86_64.rpm). If these files are missing you don't get any error messages at all and the error.log is not even created.

Also make sure to change the certificate on NGINX to the same certificate as Tomcat uses following what @sma2006 stated in a previous post:
1) Extract cert and key from the pfx certificate (need openssl):

    openssl pkcs12 -in nginx.pfx -nocerts -out nginx.key
    openssl pkcs12 -in nginx.pfx -clcerts -nokeys -out nginx.crt

2) Copy files to /opt/netiq/common/nginx/cert and update pass.txt
3) Make sure novlua:novlua owns these files
4) Optionally update paths to files in nginx.conf
5) Restart nginx service.

This is running on Red Hat 8.1 but I guess troubleshooting this is not platform specific.

Best regards
Marcus
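
An added example, not part of the original post: a shell pre-flight that checks the failure points listed above (missing `listen`/`server_name`, missing OpenSSL folder, file ownership, and whether the extracted certificate and key belong together). The function names are made up for this example, and it assumes GNU `stat` and that the first line of pass.txt is the key passphrase.

```shell
#!/bin/sh
# Added example: function names are hypothetical; paths, file names and the
# novlua:novlua owner are the ones given in the post.
NGINX_CONF=${NGINX_CONF:-/opt/netiq/common/nginx/nginx.conf}
CERT_DIR=${CERT_DIR:-/opt/netiq/common/nginx/cert}
OPENSSL_DIR=${OPENSSL_DIR:-/opt/netiq/common/openssl}

# True if the config has uncommented "listen <port> ssl" and "server_name <name>;".
conf_has_listener() {
    grep -Eq '^[[:space:]]*listen[[:space:]]+([^;[:space:]]*:)?[0-9]+[[:space:]]+ssl[[:space:];]' "$1" &&
    grep -Eq '^[[:space:]]*server_name[[:space:]]+[^;[:space:]]+' "$1"
}

# True if the directory exists and every regular file in it has owner user:group.
owned_by() {
    [ -d "$1" ] || return 1
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ "$(stat -c '%U:%G' "$f")" = "$2" ] || { echo "wrong owner: $f" >&2; return 1; }
    done
    return 0
}

# True if certificate $1 and private key $2 (passphrase file $3) share a public key.
# Assumption: the first line of the passphrase file decrypts the key.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin "file:$3" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Run every check and report all failures instead of stopping at the first one.
preflight() {
    rc=0
    conf_has_listener "$NGINX_CONF" || { echo "FAIL: listen/server_name missing in $NGINX_CONF"; rc=1; }
    [ -d "$OPENSSL_DIR" ] || { echo "FAIL: $OPENSSL_DIR does not exist"; rc=1; }
    owned_by "$CERT_DIR" novlua:novlua || { echo "FAIL: files in $CERT_DIR not owned by novlua:novlua"; rc=1; }
    cert_matches_key "$CERT_DIR/nginx.crt" "$CERT_DIR/nginx.key" "$CERT_DIR/pass.txt" ||
        { echo "FAIL: nginx.crt and nginx.key do not match, or pass.txt is wrong"; rc=1; }
    return $rc
}
```

Source the file and call `preflight` as a user that can read the key and pass.txt; a non-zero return means at least one check failed.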

1 Reply

Hi.

Adding in some more information on NGINX for future reference.

Today I had to change the DNS name for IDApps. In order to update NGINX you must also update /opt/netiq/idm/apps/sites/config.ini. This file has the configuration for OSP, like IssuerURL, RedirectURL, LogoutURL, ClientID and ClientPass.

Best regards

Marcus
