Article

SHASHIKALA's picture
article
Reads:

5203

Score:
1
1
1
 
Comments:

0

SSLVPN - KIOSK mode connection problem through https connection

Author Info

23 September 2009 - 1:57pm
Submitted by: SHASHIKALA

Author Blog
Author Profile

Tags

Tags Map

(View Disclaimer)

SSLVPN – KIOSK mode connection fails when trying to use a https connection. With a http connection it is working fine.

Scenario: User is trying to connect to SSLVPN server in KIOSK mode using an https connection

E.g. https://www.sslvpn.com:8443/sslvpn/login

Once he gives the authentication details to the server it tries to connect to the SSLVPN server but it never connects. When the log files are checked it displays "I/O Exception while fetching CIC policy from the Server.java.io.IOException: HTTPS hostname wrong: should be <sslvpn server's host name>"

Refer to the following screen shot.

Click to view.

How to rectify this problem???

The setup assumed here is Novell Access Manager Administration, Identity Server, and ESP enabled SSLVPN are installed on a single machine.

Log on to Novell Access Manager Administration console

E.g. http://<ip address of the admin console>:8080/nps
http://192.160.160.2:8080/nps

Remove the certificate associated with Identity Server and SSLVPN.

To do this, you first need to create a new certificate and associate the new certificate to the Identity Server and SSLVPN. Then you can remove the old certificate which was associated with the Identity Server and SSLVPN (this is optional).

Refer to http://www.novell.com/documentation/novellaccessmanager31/quickstarts/?page=/documentation/novellaccessmanager31/quickstarts/data/bookinfo.html to know how to create a certificate.

Following screen shots show that a new certificate with name cit_novell_com has been created and associated to both Identity Server and SSLVPN.

Click to view.

Click to view.

Once new certificate is created please update the servers, both SSLVPN and Identity Server. The update process may take 2 minutes since it restarts the tomcat. Once this is done ensure that the Identity Server and SSLVPN server is up with Green signal.

Click to view.

Now you can start a browser and connect to SSLVPN server using https connection. This will work fine.


Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.



Related Articles


User Comments

© 2013 Novell