Access Manager "SSL Communication is not operating correctly" error

  • 3243443
  • 11-Feb-2008
  • 26-Apr-2012

Environment


Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Novell Identity Server
Novell Access Management 3 Support Pack 2 applied

Situation

Prior to upgrading to Access Manager 3 Support Pack 2, the Admin Console healthcheck showed all services as green and healthy. Immediately after upgrading the systems to SP2, healthcheck errors were reported on the Admin Console when looking at the IDP server health. The Admin Console shows an SSL-related error, but the certificates all look good. The following is what is shown on the Admin Console:

<exServiceHealth exServiceName="SSL Communication" exHealthStatus="Failed">

Check SSL connectivity. Possible expired SSL certificate.
SSL Communication is not operating correctly!
URL: https://idpcorp.ual.com/nidp/app/ping, Error: Connection refused

Resolution

Reported to engineering. The baseURL defined has a TCP port of 443, and iptables is used to redirect this port to TCP 8443. In the current setup, the healthcheck tries to do an application-level ping to the localhost /nidp/app/ping URL on the IDP server at TCP port 443. Since the listener is actually on TCP 8443 and the healthcheck request from the IDP server itself does not go through the iptables PREROUTING chain (locally generated packets traverse the OUTPUT chain instead), no response is obtained.
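The check below is an added example, not part of the original TID or of Novell's code. It reads a saved nat table and reports ports that are redirected for remote clients only, which is the condition that makes the local healthcheck fail. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables-save -t nat` output on stdin and prints
# "<dport> <to-port>" for every REDIRECT present in PREROUTING but absent
# from OUTPUT: a connection made from the host itself to <dport> is not
# redirected, so it only succeeds if something listens on <dport> directly.
prerouting_only_redirects() {
    awk '
        $1 == "-A" && /-j REDIRECT/ {
            chain = $2; dport = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "--to-ports") to    = $(i + 1)
            }
            if (dport == "") next
            if (chain == "PREROUTING") pre[dport] = to
            if (chain == "OUTPUT")     out[dport] = 1
        }
        END { for (p in pre) if (!(p in out)) print p, pre[p] }
    ' | sort -n
}

# Constructed sample ruleset (not taken from the affected system):
# 443 is redirected for remote clients only, 80 for remote and local traffic.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

sample_rules | prerouting_only_redirects   # prints: 443 8443
```

On a live server, pipe the output of `iptables-save -t nat` (run as root) into `prerouting_only_redirects` instead of the sample.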

The fix will be in the Access Manager SP2 Interim Release 1 build. When doing the SSL HealthCheck localhost PING, the potential URLs used for the PING are gathered from the following:
1) Tomcat server.xml Connectors
2) NetworkInterfaces as enumerated by Java
3) Last seen SSL port
4) Base URL