Highlighted
Respected Contributor.. Respected Contributor..
Respected Contributor..
835 views

Failed to configure SSL on HPSM 9.41

Jump to solution

Hi experts,

I am trying to configure SSL on HPSM 9.41. I have followed all the steps in the guide /hpeb/attachments/hpeb/itrc-695/88054/1/SM9.30_TSO_LWSSO_Configuring_Guide.pdf and when I try to access my FQDN via https, SM login page is able to show up. However, when I login, I am getting the error, Service Manager Server is currently not available, please try again later. Same goes for windows client. (refer attachment for error message screenshot.)

When I checked the log file, I saw these 2 messages: 

RTE E GetPreference DOS attack detected! Session will be terminated.

JRTE I My client (0054FAB270355B7A5F64AAAD3EFD5595) has died, no heartbeat

JRTE W Could not kill thread 0054FAB270355B7A5F64AAAD3EFD5595. (not in the map)

Also, attached the sm.log file for your references.

Kindly assist me on this.

 

Thank you

0 Likes
1 Solution

Accepted Solutions
Highlighted
Established Member..
Established Member..

The client with which you are trying to connect does not have the server certificate (cacerts), so the message "DOS" is indicated, that is, it detects a denial of service attack

View solution in original post

0 Likes
3 Replies
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Hi jw91,

Please check cacerts from RUN folder is the same used by web client and windows client. Also the port defined on both windows and web client needs to be HTTP (13080 - default).

Test using parameter ssl_reqClientAuth:0 on sm.ini no need to restart and see if you still have the same problem. Also check the web application server logs (e.g. Tomcat) and looks for SSL related errors.

Let me know what you find.

SM Support Engineer

Thank you for using the Micro Focus Community. If you find that this or any post resolves your issue, please be sure to mark it as an "accept as solution".
0 Likes
Highlighted
Established Member..
Established Member..

The client with which you are trying to connect does not have the server certificate (cacerts), so the message "DOS" is indicated, that is, it detects a denial of service attack

View solution in original post

0 Likes
Highlighted
Respected Contributor.. Respected Contributor..
Respected Contributor..

hi nrobayoevo,

Thanks for your reply.

Yes, that's exact;y why I'm getting this error.

Just to addon, /hpeb/attachments/hpeb/itrc-695/88054/1/SM9.30_TSO_LWSSO_Configuring_Guide.pdf this guide is missing one step which leads to this error.

At Task 2 subtask 1 step no4, we need to include the command below:

keytool -import -trustcacerts -alias root - keystore ./servercert.keystore -file mycacert.pem

Trust this root certificate and saved it in the keystore then only you can run the following command, 

keytool -import -trustcacerts -alias myserver - keystore ./servercert.keystore -file smserver_cert.pem

Else there will be an error, Failed to establish chain of reply.

Same goes for Task 2, subtask 2, step no.4

 

Thank you

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.