Layer 7 Access Management

Tech Tip : CA Single Sign-On : when you run Internet Explorer, you face problems

  • 1.  Tech Tip : CA Single Sign-On : when you run Internet Explorer, you face problems

    Posted 10-15-2018 04:46 AM

    Issue:


    We're running the Internet Explorer browser, this one returns error :

     

    DLG_FLAGS_SEC_CERT_CN_INVALID

     

    The hostname in the website's security certificate differs from the
    website we are trying to visit.

     

    This happens when we're accessing .mydomain.com url as :

    https://mymachine.mydomain.com/affwebservices/public/saml2sso

    when the certificate is for another domain, in this case
    .myotherdomain.com. This is why Internet Explorer reports the error.

     

    We want to know how replace the default certificates with the new one
    for *.mydomain.com ?

     

    Resolution:

     

    You need to configure for the virtualhost to handle specific
    certificate :

     

    Enable SSL for Virtual Hosts

    <VirtualHost 10.0.0.1:443>
    DocumentRoot ".../htdocs/site1"
    ServerName www.site1.net
    ServerAdmin webmaster@site1.net
    ErrorLog logs/covalent_error_log_site1
    TransferLog logs/...
    SSLEngine on
    SSLCertificateFile /www.site1.net.cert
    SSLCertificateKeyFile /www.site1.net.key
    CustomLog logs/cipher_log_site1 \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>

     

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/ca-siteminder-sps-configuration/configuring-ssl-for-ca-siteminder-sps/configuring-ssl-on-apache-web-server-manually

     

    KB : KB000117523