Failure Authenticating to HACloud Through Internet Information Services (IIS)

  • Document ID:7024168
  • Creation Date:03-Oct-2019
  • Modified Date:11-Nov-2019
    • Micro Focus Products:
      Host Access for the Cloud (Reflection ZFE)
      Host Access Management and Security Server (MSS)

Environment

Host Access for the Cloud
Host Access Management and Security Server (MSS)
Microsoft Windows Server 2012 and later
Microsoft IIS 7.0 and later

Situation

When attempting to login to HACloud through IIS using TLS, the user receives an authentication failure.

The error “certificate_unknown(46)†is logged in the “zfe.log†file on the Management and Security Server (MSS).

Resolution

1. Create a new IIS certificate with:

  • Key Usage of Data Encipherment, Digital Signature, Key Encipherment, and Non Repudiation.
  • Extended Key Usage of Client Authentication and Server Authentication.
2. Install the new cert on IIS.

Cause

If IIS is using a self-signed certificate that is generated by IIS itself, it does not create a certificate with “Digital Signature†set in the certificate “Key Usage.â€