Siteminder Secure Proxy Server logging Bad Certificate errors in server.log

Document ID : KB000053312
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

An SSL certificate is install or updated on a back-end web server, and the SPS begins logging...

[Noodle.java][ERROR] Exception caught. Message is: proxy: com.rsa.ssl.AlertedException Bad certificate

in the server.log

Solution:

Please perform the following steps...

  1. Acquire root ca cert in PEM format (base64) for the CA that signed/created the Server Cert for back-end web server.

  2. Test the root ca certificate using a browser to validate the root ca certificate is listed in the browsers trusted ca's. The Browser should not throw any security warnings.

  3. After the root ca ertificate has been verified, the root ca certificate needs to be add to the cabundle file in the SPS. The root ca certificate in base64 PEM format should look something like...

    -----BEGIN CERTIFICATE-----
    MIICPTCCAaYCAQAwDQYJKoZIhvcNAQE
    klhOy A bunch of stuff MIICPTCC
    aYCAQAwDQYAaYCAJKoZIhvcNAQE....
    -----END CERTIFICATE-----

  4. After the root ca certificate has been added to the end of the cabundle file and the file has been saved, restart the SPS to load the newly added root ca certificate.