Article

SSLVPN – KIOSK mode connection fails when trying to use a https connection. With a http connection it is working fine.

Scenario: User is trying to connect to SSLVPN server in KIOSK mode using an https connection

E.g. https://www.sslvpn.com:8443/sslvpn/login

Once he gives the authentication details to the server it tries to connect to the SSLVPN server but it never connects. When the log files are checked it displays "I/O Exception while fetching CIC policy from the Server.java.io.IOException: HTTPS hostname wrong: should be <sslvpn server's host name>"

Refer to the following screen shot.

Click to view.

How to rectify this problem???

Log on to Novell Access Manager Administration console

E.g. http://<ip address of the admin console>:8080/nps
http://192.160.160.2:8080/nps

Remove the certificate associated with Identity Server and SSLVPN.

To do this, you first need to create a new certificate and associate the new certificate to the Identity Server and SSLVPN. Then you can remove the old certificate which was associated with the Identity Server and SSLVPN (this is optional).

Refer to http://www.novell.com/documentation/novellaccessmanager31/quickstarts/?page=/documentation/novellaccessmanager31/quickstarts/data/bookinfo.html to know how to create a certificate.

Following screen shots show that a new certificate with name cit_novell_com has been created and associated to both Identity Server and SSLVPN.

Click to view.

Click to view.

Once new certificate is created please update the servers, both SSLVPN and Identity Server. The update process may take 2 minutes since it restarts the tomcat. Once this is done ensure that the Identity Server and SSLVPN server is up with Green signal.

Click to view.

Now you can start a browser and connect to SSLVPN server using https connection. This will work fine.