Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

migration LMS 3.1 to LMS 3.1 --- SSL issues

Hi all,

I just performed a migration from one server to another (same version of OS, LMS, and application modules) After the restore, I ran hostnamechange.pl. The log files look clean and things seem to work OK.

Before the migration I loaded a 3rd party certificate to the new server and didn't have problems.

Problem: When I enable SSL via the GUI and restart the daemon manager, I can get to the first LMS web page (default Functional tab). The lock sign shows up properly. However, when I click on almost every link that is off of this page (such as Device Center), I get the following error:

__________________________________________________

Forbidden

You don't have permission to access /cwhp/device.center.do on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

_________________________________________________

Afterwards, I stopped the deamon, ran configssl.pl -disable, start daemon, etc. and the error goes away. However, now SSL is not enabled as desired. I was wondering if anyone knew why SSL can be enabled for the first page, and

why I would get the /cwhp/device.center.do on other pages? Does enabling SSL affect how the internal database is accessed?

Thanks!

--Max

5 REPLIES
Cisco Employee

Re: migration LMS 3.1 to LMS 3.1 --- SSL issues

Go back to the CLI, and run ConfigSSL.pl -enable. That should resync SSL to the necessary places, and allow SSL to work throughout.

New Member

Re: migration LMS 3.1 to LMS 3.1 --- SSL issues

Hi jclarke,

Thanks for your quick reply. I tried that several times, but it did not fix the problem. I restarted the daemon manager, and I even rebooted.

I find it very unusual that the first page loads fine using SSL - green lock symbol, good cert, etc.. Then when I click on a link I get the "forbidden" error.

-Max

--Max

Cisco Employee

Re: migration LMS 3.1 to LMS 3.1 --- SSL issues

No, that is typical. Post a screenshot of your Services control panel showing all of the CiscoWorks services. Also, post the output of the command:

pdreg -l Apache

And the NMSROOT/lib/classpath/md.properties file.

New Member

Re: migration LMS 3.1 to LMS 3.1 --- SSL issues

Hi there,

I have exactly the same issue. Please let me know if you find a resolution

New Member

Re: migration LMS 3.1 to LMS 3.1 --- SSL issues

Hi All,

I was able to solve the problem by re-doing the order of the certificate installation.

I figured it would be too difficult to troubleshoot so I started over. The symtpoms were that I can get to all tabs, but when I clicked on a link (which caused a new browser window to pop up) I had the error.

I started with a fresh LMS 3.1 as my target server as before. However, this time I did not install a third-party cert. I followed the usual reload from backup and changename script. Then, after it was working with a self-signed cert, I added the third-part certificate. That worked!

--Max

153
Views
0
Helpful
5
Replies