Hello,
I'm setting up a gateway and have been batteling SSL issues.
Server hostname is gateway1 and not joined to domain.
I created the dns suffix of gateway1.symantec.com
I modified the openssl.cnf file to include the Subject Alternative Names of
[v3_req]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = gateway1
DNS.2 = gateway1@symantec.com
IP.1 = 192.168.33.58
this resolved the "RSA server certificate CommonName (CN) `icbmss' does NOT match server name!?" errors in the logs.
Installed C:\Program Files\Symantec\SMP Internet Gateway\Apache\certs\server.crt in Trusted Root Certification Authorities
but I still receive this error:
Init: Oops, you want to request client authentication, but no CAs are known for verification!? [Hint: SSLCACertificate*]
-----------------------------------------------------------------------------------------------------
Date: 2/16/2015 12:30:53 PM, Tick Count: 6497281 (01:48:17.2810000), Host Name: gateway1, Size: 356 B
Process: httpd.exe (16124), Thread ID: 15448, Module: InternetGateway
Priority: 2, Source: InternetGateway.Status
File: C:\Program Files\Symantec\SMP Internet Gateway\Apache\logs\Error.log