Proxy to backend server gave Noodle_GenericException

Document ID : KB000006072
Last Modified Date : 14/02/2018
Show Technical Document Details

Configure proxy rule to redirect the request to the backend https enabled application URL.

We are getting an error Noodle_GenericException at browser as below:





SPS: R12.52SP1CR6

From SPS server.log or nohup.log, we can confirm trusted certificate found


[06/Mar/2017:11:08:14-985] [INFO] - Found trusted certificate: [
  Version: V1
  Serial Number: 1234567890000000000
  SignatureAlgorithm: SHA256withRSA (1.2.840.123456.1.1.11)
  Issuer Name: CN=SMSSO, OU=Support, O=CA, L=AUS, ST=AUS, C=AUS

  Validity From: Fri Mar 03 14:51:52 CST 2017
           To:   Thu Feb 21 14:51:52 CST 2019
  Subject Name:, OU=Support, O=CA, L=AUS, ST=AUS, C=AUS

but later reported Internal error

[06/Mar/2017:11:08:15-016] [INFO] - ***Created and initialized encryption cipher
[06/Mar/2017:11:08:15-016] [INFO] - CipherAlg: AES/CBC/NoPadding
[06/Mar/2017:11:08:15-016] [INFO] - CipherKey: 12345..a53c46a643d66890e2dee0f43096632c1a6ae0bed0b7c288e91685a7c35
[06/Mar/2017:11:08:15-016] [INFO] - ***Created and initialized Mac
[06/Mar/2017:11:08:15-016] [INFO] - MacAlg: HmacSHA1
[06/Mar/2017:11:08:15-016] [INFO] - MacKey: 12345..3f8a49733025b5c9139dd9412c34606e8e1
[06/Mar/2017:11:08:15-016] [INFO] - Mac length used: 20
[06/Mar/2017:11:08:15-016] [INFO] - ***SEND Alert Fatal, Internal Error

Based on the flow in server log, SPS is able to find the trusted CA but get an error when it try to create and initialized encryption cipher. This is an indication JCE patch not apply causing the issue.


JRE need to have JCE patched


Snippet from documentation:
JCE patches required -- The current Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction patches are required to use the Java cryptographic algorithms. To locate the JCE package for your operating platform, go to the Oracle website.
Apply the patches to the following files on your system:
These files are in the following directories:

jre_home specifies the location of the Java Runtime Environment installation.

Additional Information:

Enable logging to debug SSL in SPS

For SPS the files to apply that debug setting are : 

Windows : proxy-engine/conf/

Unix  : proxy-engine/

Need to add the parameter to the java startup command.