Reflection for Secure IT Gateway - Administrator’s Guide > Troubleshooting > Server Certificate Troubleshooting

Server Certificate Troubleshooting

Refer to these troubleshooting steps if you changed the server certificate used by the Transfer Server or Gateway Administrator server.

After any changes you make to server certificate setup, always perform both of the following before retesting:

  1. Close all browser windows.

  2. Restart the server whose certificate you are configuring. See Start and Stop the Reflection Transfer Server and Start and Stop the Reflection Gateway Administrator Service.

Certificate warning still appears

  • Did you close all browser windows and restart the server before retesting?

  • Does the server name in the URL you are using match the server name(s) in the certificate?

Browser cannot display the web page

  • Did you specify the correct password for servletengine.ssl.keystorepassword?

  • Is the keystore or PKCS#12 file in the location specified for servletengine.ssl.keystore?

  • If you generated a JKS from a PKCS#12 file, did you use the same password?

  • Is your PKCS#12 file encrypted with a FIPS-compliant algorithm? See Re-encrypt a PKCS#12 file to Use a FIPS-Compliant Algorithm.

Login is successful, but error messages appear in the log file

  • The message "javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate" appears repeatedly in the server log file.

    This exception is most likely to occur if the Transfer Server has not been updated to trust a new Gateway Administrator certificate. To resolve this issue, from the Reflection Secure Shell Proxy console, go to the Reflection Gateway Users pane and click Activate and verify.