HCL Safelinx – Untrusted Certificate Issue

A few days ago I came across a rather weird issue with HCL Safelinx and HCL Domino. After setting up HCL Safelinx, it was not possible to access the Websites hosted by an HCL Domino Server. The user would just get an HTTP Error, “503 – Service Unavailable”.

I checked the network, no issues there, Safelinx could access the Domino Server via port 443 without any issues. SSL Certificates from both Domino and Safelinx were trusted, no issues could be seen there via Internet Browsers (Firefox, Chrome, …) and a quick check with “openssl” didn’t show any problems. The SSL Cipher configuration was also Ok, on both Safelinx and Domino.

After turning on all possible trace and debug settings on Safelinx, the following errors could be observed:

75613:936171264 (Sep 18 2020/10:06:12.4153)[WARN] SSLPort::raw_connect: open returns rc=414 (Unknown error — 414)
75613:936171264 (Sep 18 2020/10:06:12.4154)[ERROR] SSLPort: failed to open secure connection (rc = 414)–> <Domino_Server_IP>:443
75613:936171264 (Sep 18 2020/10:06:12.4154)[LOG] SSLPort::connect: (return), rc=-1
75613:936171264 (Sep 18 2020/10:06:12.4154)[WARN] HTTP-AS: failed to connect to server ‘<Safelinx_Server_IP>:56796 –> <Domino_Server_Hostname>:443’ (Unknown error — 0)
75613:936171264 (Sep 18 2020/10:06:12.4155)[DEBUG] setup connection, elapsed time: 23ms
75613:936171264 (Sep 18 2020/10:06:12.4155)[WARN] http-service1: failed to setup back end connection, elapsed time: 23ms [<Username>]
75613:936171264 (Sep 18 2020/10:06:12.4156)[HTTPAS]httpServerResponse: HTML pkt size: 2787
HTTP/1.1 503 Service Unavailable
Server: HCL Verse via SafeLinx
Connection: close
Content-Type: text/html; charset=utf-8

I have set some Domino HTTP Debug parameters, but I had to wait for the window where I could restart the Domino/HTTP Task. So I have decided to try setting “Accept untrusted certificates from internal servers” on HCL Safelinx.

Screenshot of the Safelinx setting.

And guess what, after restarting Safelinx, the users could access Domino Web applications without any issues.

I hope this saves you some time. 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s