Problem: My wildcard certificate seems to provoke problems with UCS services

Problem:

When accessing several services within your UCS domain, you run into errors like:

Internal Server Error: service can’t be reached

The connection to the server could not be established. Please try again later. Error message: (‘Could not send request.’, SSLError(1, u’[SSL:CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl:c:661)’))


The following article might also interest you:
Problem: My own certificate seems to provoke problems with ucs services

Investigation:

You are using a wildcard certificate for your UCS domain intranet.domain.tld, and the certificate's subject is *.domain.tld.
Because your hostname is server.intranet.domain.tld, the certificate does not cover that namespace: the wildcard stands for a single name component, and server.intranet is two.
RFC 2818, section “3.1. Server Identity”, states:

Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com.
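
The matching rule quoted above, as an added example (not part of the original article and not UCS code): it checks which names from a certificate cover a given hostname. The function names are hypothetical, the names are constructed samples, and restricting the wildcard to the leftmost label is an assumption that reflects how common TLS clients behave.

```python
def label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label against a pattern label holding at most one '*'."""
    if not label:
        return False
    if "*" not in pattern:
        return pattern == label
    if pattern.count("*") > 1:
        return False
    prefix, suffix = pattern.split("*")
    # '*' may stand for a whole label or a fragment of it (f* matches foo)
    return (len(label) >= len(prefix) + len(suffix)
            and label.startswith(prefix) and label.endswith(suffix))


def name_matches(cert_name: str, hostname: str) -> bool:
    """RFC 2818 section 3.1: '*' covers a single component, never a dot."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard cannot absorb extra labels, so the label counts must agree
    if len(cert_labels) != len(host_labels):
        return False
    # Assumption: wildcard only accepted in the leftmost label
    if any("*" in lbl for lbl in cert_labels[1:]):
        return False
    return (label_matches(cert_labels[0], host_labels[0])
            and cert_labels[1:] == host_labels[1:])


def covering_names(cert_names, hostname):
    """Return the certificate names that cover hostname (empty list: none)."""
    return [n for n in cert_names if name_matches(n, hostname)]


if __name__ == "__main__":
    host = "server.intranet.domain.tld"
    # Constructed sample name sets: the failing certificate and the fixed one
    for names in (["*.domain.tld"], ["*.intranet.domain.tld"]):
        hits = covering_names(names, host)
        print(names, "->", "covers" if hits else "does NOT cover", host)
```

An empty result from `covering_names` corresponds to the CERTIFICATE_VERIFY_FAILED error shown in the problem description.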

Solution:

  1. You might use the self-signed certificates that are shipped with UCS and provide the root CA to your clients.
  2. You might use Let's Encrypt to certify your domain.
  3. You might obtain another wildcard certificate for your internal domain *.intranet.domain.tld.