"SSL Communication is not operating correctly!" warning on Identity Server healthcheck

  • 7001688
  • 21-Oct-2008
  • 26-Apr-2012

Environment

Novell Access Manager 3
Linux Novell Identity Server

Situation

  • Identity Server configured for authentication on port 443.
  • Iptables configured with a rule such as:
    "iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443"
    or
    "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to <<IPADDRESS>>:8443"
  • With this setup, the Identity Server health check returns:

    SSL
    Communication is not operating correctly! URL: https://<<IPADDRESS>>:443/nidp/app/ping Error: Connection refused
    (Required Action) Check SSL connectivity. Possible expired SSL certificate.

  • The health check is issued by the Identity Server host itself, so its packets are locally generated and never traverse the nat PREROUTING chain. External clients are redirected to 8443, but the local check still connects to port 443, where nothing is listening, hence "Connection refused". The rule is firing for inbound traffic only; the certificate is not the problem.

Resolution

The following is my /etc/init.d/idp_8443_redirect file (modified from Mark van Reijn's original)

#! /bin/sh
# /etc/init.d/idp_8443_redirect
#
# Author: Mark van Reijn, Novell
# All rights reserved.
#
### BEGIN INIT INFO
# Provides: idp_8443_redirect
# Required-Start: SuSEfirewall2_setup $network $local_fs
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: Redirect port 443 to 8443 for Novell IdP
### END INIT INFO

# Environment-specific variables: adjust the IdP address and, in the
# PREROUTING rule below, the interface (eth0) to match the server.
IPT_BIN=/usr/sbin/iptables
IDP_IP=10.5.0.31

. /etc/rc.status

# First reset status of this service
rc_reset

case "$1" in
    start)
        echo -n "Starting IP Port redirection"
        # Note: this flushes every rule in the nat table, not only the two
        # added here. Keep the script last in the boot order or narrow it
        # down if other services also install nat rules.
        $IPT_BIN -t nat --flush

        # Inbound traffic from external clients: rewrite 443 to 8443 in
        # PREROUTING.
        $IPT_BIN -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to $IDP_IP:8443
        # Locally generated traffic (the IdP health check to
        # https://$IDP_IP:443/nidp/app/ping) never passes PREROUTING, so it
        # needs the same rewrite in OUTPUT.
        $IPT_BIN -t nat -A OUTPUT -p tcp -d $IDP_IP --dport 443 -j DNAT --to $IDP_IP:8443

        rc_status -v
        ;;
    stop)
        echo -n "Flushing all IP Port redirection rules"
        $IPT_BIN -t nat --flush
        rc_status -v
        ;;
    restart)
        $0 stop
        $0 start
        rc_status
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
rc_exit

Additional Information

The OUTPUT-chain rule above ('$IPT_BIN -t nat -A OUTPUT -p tcp -d $IDP_IP --dport 443 -j DNAT --to $IDP_IP:8443') does not work on SLES 9; it works only on SLES 10 and SLES 11. It is not required on SLES 9.
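The following is an added example, not part of this TID or of the init script above. It checks an iptables-save style dump of the nat table for both DNAT rules the script installs and reports which one is missing, distinguishing the PREROUTING-only configuration from the Situation section (external users fine, local health check refused) from the complete one. The address 10.5.0.31 is taken from the script above; the function names has_rule, check_redirect and live_check and the two sample dumps are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the TID): verify the 443 -> 8443 redirect rules.
# Packets an external client sends to 443 are rewritten in PREROUTING, but
# packets the IdP host generates itself (its health check to
# https://<IP>:443/nidp/app/ping) never traverse PREROUTING; only an OUTPUT
# rule rewrites them. A PREROUTING-only setup therefore works for users but
# fails the health check with "Connection refused".

IDP_IP="${IDP_IP:-10.5.0.31}"   # assumed address, taken from the init script

# has_rule CHAIN DUMP: succeed if DUMP holds a DNAT rule in CHAIN that sends
# tcp/443 to $IDP_IP:8443. Accepts both the --to and --to-destination spelling.
has_rule() {
    chain="$1"
    ip_re=$(printf '%s' "$IDP_IP" | sed 's/\./\\./g')
    printf '%s\n' "$2" | grep -E -- \
        "^-A ${chain} .*-p tcp .*--dport 443 .*-j DNAT .*--to(-destination)? ${ip_re}:8443" \
        >/dev/null
}

# check_redirect DUMP: print what is missing. Exit status:
#   0  both rules present
#   1  OUTPUT rule missing   (local health check will fail)
#   2  PREROUTING rule missing (external clients cannot reach port 443)
check_redirect() {
    dump="$1"
    status=0
    if ! has_rule PREROUTING "$dump"; then
        echo "missing: PREROUTING DNAT 443 -> ${IDP_IP}:8443 (external clients get connection refused)"
        status=2
    fi
    if ! has_rule OUTPUT "$dump"; then
        echo "missing: OUTPUT DNAT 443 -> ${IDP_IP}:8443 (health check to https://${IDP_IP}:443/nidp/app/ping fails)"
        [ "$status" -eq 0 ] && status=1
    fi
    [ "$status" -eq 0 ] && echo "ok: both redirect rules present"
    return "$status"
}

# Constructed sample dumps in the shape 'iptables-save -t nat' prints.
# PREROUTING_ONLY is the configuration from the Situation section.
PREROUTING_ONLY='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.5.0.31:8443
COMMIT'

# BOTH_RULES is what the init script above produces.
BOTH_RULES='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.5.0.31:8443
-A OUTPUT -d 10.5.0.31/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.5.0.31:8443
COMMIT'

# live_check: run as root on the IdP host to test the real nat table.
live_check() {
    check_redirect "$(iptables-save -t nat)"
}

# Walk through both sample dumps when invoked with --demo.
if [ "${1:-}" = "--demo" ]; then
    echo "== PREROUTING only =="; check_redirect "$PREROUTING_ONLY" || true
    echo "== both rules =="; check_redirect "$BOTH_RULES"
fi
```

Run it with --demo to see both outcomes on the constructed dumps, or call live_check as root on the Identity Server to check the live table. The direct functional test remains a request from the IdP host itself to https://<<IPADDRESS>>:443/nidp/app/ping: if that connection is refused while the same URL works from another machine, the OUTPUT rule is the missing piece.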