Message Image

Skip main navigation (Press Enter).

Symantec Access Management

View Only

Back to discussions

Expand all | Collapse all

SSL Bridging and CA Access gateway/SPS

Jaime BrittonJul 26, 2017 06:16 PM

We are using CA Access Gateway/SPS with NetScaler as the load balancer. When we set up SSL on the SPS ...

Osarobo IdehenJul 27, 2017 03:43 AM

Hello Jaime, There are known issues with SSL where you have a load balancer between the client and ...

1. SSL Bridging and CA Access gateway/SPS

0 Recommend
Jaime Britton
Posted Jul 26, 2017 06:16 PM

Reply Reply Privately
We are using CA Access Gateway/SPS with NetScaler as the load balancer. When we set up SSL on the SPS and try to access the HTTPS endpoint via the NetScaler load balanced URL, we are not having success unless we enable SSL bridging/pass-through on NetScaler. One of the errors we received without SSL Bridging enabled is below:

"Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL."

The above message was received while we were using HTTPS in the browser.

Accessing the HTTPS endpoint and bypassing NetScaler (via host entries) works fine.

Has anyone faced this issue before? Is there anyway to get this to work without SSL bridging?

SPS version: 12.52 SP1 CR04

Thanks,
Jaime
2. Re: SSL Bridging and CA Access gateway/SPS

0 Recommend
Broadcom Employee

Osarobo Idehen
Posted Jul 27, 2017 03:43 AM

Reply Reply Privately
Hello Jaime,

There are known issues with SSL where you have a load balancer between the client and SPS in versions prior to 12.6
SPS behind SSL accelerator is fully supported in 12.6 and 12.7:

SSL accelerator support—CA Access Gateway can now support environments where outward–facing load balancers support SSL acceleration.

https://communities.ca.com/message/241980501-upgrade-to-ca-single-sign-on-127

Osarobo

Copyright 2019. All rights reserved.

Powered by Higher Logic