000015975 - When trying to access the security console by IP address  there is a redirect loop

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015975
Applies ToSecurID Appliance 3.0
Security Console
Cannot log onto Security Console using IP address in URL
Issue

If you are using Mozilla Firefox you will notice message "Problem loading page. The page isn't redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete."


If you are using Internet Explorer 7 The below message appears:

"Certificate Error:Navigation Blocked - Windows Internet Explorer There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. The security certificate presented by this website was issued for a different website's address."

Security certificate problems may indicate an attempt to mislead you or intercept any data you send to the server.

CauseThe RSA Appliance generates pages and links based upon the name used for the appliance during the quick setup. The way the appliance uses https, the browser is dependant on the presented page being based on the requested page, but the presented page isn't based on an IP address.  Also, the security certificate presented by the appliances web server is based upon the Fully Qualified Domain Name (FQDN), not an IP address, so many browsers will complain or malfunction because of the mismatch. 
ResolutionUse the fully qualified hostname in URL to access the Security Console, and not the IP address
NotesIf access to the appliance is required in a way that the true FQDN cannot be used by the end-user or administrator (such as accessing the Self-Service console of Credential Manager),  this functionality can be made available by using a third-party proxy server. The proxy must be able to take page requests in the format needed by users, and recreate the request to the true FQDN of the appliance. The documentation for the Appliance and Authentication Manager shows general examples of the proxy setup, but for specific information on configuring the proxy server, please see the proxy server's documentation. 
Legacy Article IDa44317

Attachments

    Outcomes