SSLVPN – KIOSK mode connection fails when trying to use a https connection. With a http connection it is working fine.
Scenario: User is trying to connect to SSLVPN server in KIOSK mode using an https connection
Once he gives the authentication details to the server it tries to connect to the SSLVPN server but it never connects. When the log files are checked it displays “I/O Exception while fetching CIC policy from the Server.java.io.IOException: HTTPS hostname wrong: should be <sslvpn server’s host name>”
Refer to the following screen shot.
How to rectify this problem???
Log on to Novell Access Manager Administration console
Remove the certificate associated with Identity Server and SSLVPN.
To do this, you first need to create a new certificate and associate the new certificate to the Identity Server and SSLVPN. Then you can remove the old certificate which was associated with the Identity Server and SSLVPN (this is optional).
Refer to http://www.novell.com/documentation/novellaccessmanager31/quickstarts/?page=/documentation/novellaccessmanager31/quickstarts/data/bookinfo.html to know how to create a certificate.
Following screen shots show that a new certificate with name cit_novell_com has been created and associated to both Identity Server and SSLVPN.
Once new certificate is created please update the servers, both SSLVPN and Identity Server. The update process may take 2 minutes since it restarts the tomcat. Once this is done ensure that the Identity Server and SSLVPN server is up with Green signal.
Now you can start a browser and connect to SSLVPN server using https connection. This will work fine.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.