Skip to main content

How do I correct Identify Server Configuration ?

Permanently deleted user
When enable Geocortex Identify Server in Essentials Manager and attempt to edit Users/Roles, I get the following message:

 

"An error occurred while processing your request. Unable to manage users and roles for security provider 'Geocortex Identity Server'. SSL certificate error: Certificate name mismatch."

 

And when I open the "Edit Identity Server Services Details" dialog I notice there is not a Relying Parties box.

 

Any help would be appreciated.
0

Comments

9 comments

Date Votes
  • Permanently deleted user
    I think to add role you should disable the requier SSL in the post installation.

     

    _img_ alt="User-added image" src="https://latitudegeo--c.na53.content.force.com/servlet/rtaImage?eid=907600000004G0Y&feoid=Body&refid=0EM600000004Y70" _/_img_
    0
  • Permanently deleted user
    I am experiencing the same issue right now. I have found that the reason is because the certificate you have binded in IIS for SSL is not the same certificate that the Identity server has listed. You can see what certificate the Identity server is using by launching a command window with admin rights and do the following:

     

    1.In the command line windows, navigate to the folder: C:\Program Files (x86)\Latitude Geographics\Geocortex Identity Server\Web\bin

     

    2. Once you're in that folder, run the following command: 

     

    Geocortex.IdentityServer.Setup.exe

     

    3. The output will tell you which certificate is being used under SigningCertificateName:

     

    If you need to null the certificate to generate a new one you can follow the directions in this post (https://support.geocortex.com/essentialsGSCForum?sub-nav=forum&main-nav=essentials&#!/feedtype=SINGLE_QUESTION_DETAIL&criteria=ALLQUESTIONS&id=90660000000XaEfAAK)

     

    Hope this helps. I haven't been able to get mine to work yet but this is what I have found out so far.

     

     
    0
  • Permanently deleted user
    Rawan and Clarence, thanks for the input, I tried all of the above with no sucess. I think with so many folks having this issue, the Latitude support folks must have a fix, think I will drop them a note to see and will pass any insights I get along.
    0
  • Permanently deleted user
    Sorry it didn't work for you. Let us know what you find out please. Thanks!

     

     
    0
  • Malcolm Walker
    • Community-Manager
    Hi folks,

     

    If you get an error when trying to manage users and groups from Essentials Manager, then there is likely a problem with the SSL Certificate that is being used by the web site hosting the Identity Server application.

     

    If you click the Edit Identity Server icon that's just to the right of the User/Role icon, then you can see what address Essentials is using to manage Identity Server in the Edit Identity Server Details dialog.  It's in the URL box.

     

    _img_ alt="Screenshot of Identity Server configuration" src="https://latitudegeo--c.na53.content.force.com/servlet/rtaImage?eid=907600000004G6b&feoid=Body&refid=0EM600000004Y7K" _/_img_

     

    If this is an SSL URL, and the SSL certificate being used by the website doesn't match the name, you will get a Certificate Mismatch error.  The easiest fix is to adjust the URL in this box to suit the SSL certificate.  Alternatively, you can switch to a non-SSL version of Identity Server (for example, in a development environment or for testing)

     

    We don't recommend that you host Identity Server without having a valid SSL certificate.

     

    Note: Updating the URL to Identity Server does not necessarily require that you enter the Secret.  You only need to enter the Secret for a new Identity Server, or if you are pointing to a different server.
    0
  • Permanently deleted user
    Malcolm your response is overlooking the obvious, the SSL Certificate is supposed to be installed/configure by using the Essentials Post Install. Also any attempts to update the dialog you mentioned throws an error.

     

    I even started from scratch, removed all software and re-installed. The result was the same.

     

    If there are some special instructions that are beyond the normal installation guidelines, I am all ears.
    0
  • Malcolm Walker
    • Community-Manager
    Hi Joseph,

     

    There are two SSL certificates which may be used by Identity Server.

     

    The one installed by the Post Installation is the Signing Certificate.  This certificate is generated by the post installer and is trusted by Essentials.  It's used to ensure that the token created when you sign in is from a trusted source.   Generally, there is no reason to modify this certificate unless you are load balancing Identity Server.

     

    The second one is bound to your web server and is not generated by any Geocortex products.  However, we will use that certificate when connecting to a web service hosted by your web server.

     

    For example, if the URL to your Identity Server is:

     

    https://maps.hostname.com/Geocortex/IdentityServer

     

    Then when we manage users and roles for that server, we'll attempt to make an SSL connection to https://maps.hostname.com/.  If the SSL certificate for that website is associated with the hostname gis.hostname.com, that will cause an Certificate Mismatch error.

     

    To troubleshoot your issue, can you navigate to the URL in the Identity Server box in a web browser and verify that you do not see any certificate errors?
    0
  • Permanently deleted user
    I want to thank Malcolm for getting me back on track within minutes!

     

    For those with similar issues on a windows development server, I offer the following:

     

    1. In IIS Manager, select the COMPUTER node in the tree on the left, then on the right under the "IIS" section, select Server Certificates

     

    2. You should see a self-signed certifcate with the same name as your computer, and possiblely the Geocortex certificate, with a name something like "Geocortex, Signing, SERVERNAME". In my case I did not have the self-signed certificate.

     

         - so I created one by clicking the "Create Self-Signed Certificate" link on the right panel and named it using my server name.

     

    3. Then I needed to bind the certificate to "https / port: 443", to do this in the tree on the left click "Default Web Site", then right click it and pick "Edit Bindings ..."

     

         - When the dialog comes up, click the "https / port: 443" row and click the edit button

     

         - When that dialog comes up, for the "SSL certificate" dropdown, pick your one that matches your server name

     

         - Then you can click okay to the various dialogs,

     

         - and fire up Essentials Manager, got to the Security page, enable "Geocortex Identity Server", Apply Details and then ...

     

         - click the "Edit" link to bring up Edit Identity Service Services Details popup and you should see something like image in Malcolms post

     

    4. No for those that do not see a the Geocortex certificate follow the info in Clarence's post ( https://support.geocortex.com/essentialsGSCForum?sub-nav=forum&main-nav=essentials&#!/feedtype=SINGLE_QUESTION_DETAIL&criteria=ALLQUESTIONS&id=90660000000XaEfAAK )

     

     
    0
  • Permanently deleted user
    Since I am in a testing environement I am currently using a self signed certificate. My issue was that the URL for the identity server was only using the server name and my certificate was for the fully qualified domain.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post