cancel
Showing results for 
Search instead for 
Did you mean: 
intapiuser
Community Team Member
Community Team Member
The method in which SSL (Secure Sockets Layer) is set up has changed in Sisense V7.2. The full reference documentation is located here where each step of setting up SSL is in V7.2 and later verisons is described.
This post contains questions/symptoms with corresponding suggested solutions to these issues.
Whether your organization is upgrading from a previous version of Sisense (V7.1 or lower) or are just getting started with Sisense, the following is meant to give your organization a starting point for troubleshooting.

Topics:

404 Response
403 Response
504 Gateway Error
This page can't be displayed/This site can't be reached
The client and server don't support a common SSL protocol version or cipher suite
Another application is listening on port 443
Build Failure: Unable to verify first certificate

Resources:

Verify Configuration Settings

1. At upgrade to V7.2, was port 443 removed from the bindings of the site?
2018-09-07_17h21_38.png
2018-09-07_17h23_13.png
2. In the Configuration Manager (http://localhost:3030), are the following settings completed?
  • Enable SSL toggled to the on position
  • SSL Certificate and SSL Key populated with your uploaded certificate (or copy-pasted keys)
  • Port set to 443
  • Internal IP set to the domain of your organization's Sisense website
new_webserver_image.png

Common Issues:

404 Response:

Symptom: When we navigate to https://<host>.<domain>.com we see a 404 response
Suggested Resolution:
  • If you see this on the webserver, can indicate that your SisenseWeb site has a 443 binding still in IIS and have not set up the Configuration Manager for SSL. Refer to the Setting Up SSL documentation on how to get started.
  • If you are getting response when navigating to your site on a machine not on the network the Sisense webserver is on, can indicate a networking issue (outside traffic cannot reach your domain).

403 Response:

Symptom: When we navigate to https://<host>.<domain>.com we see a 403: Access Denied
Explanation: Can indicate that your Sisense webserver may still have the 443 binding attached to your Sisense website in IIS which is conflicting with the settings for SSL in the Configuration Manager.
Suggested Resolution: Remove the port 443 binding from IIS then check your setting in the Configuration Manager.

504 Gateway Error:

Symptom: When we navigate to https://localhost on the Sisense webserver, we can get to the Sisense site. But when we navigate to https://<host>.<domain>.com we see a 504: Gateway Error. We have also verified that our SSL set up is correct as described in the Verify Configuration section.
Explanation: In 7.1 and below Sisense used IIS as a web server. IIS automatically defined the firewall in Windows to allow connectivity on the ports defined. On 7.2 and above you will need to define the inbound rule to allow connectivity.
Suggested Resolution: Please follow the steps below:
  1. Ensure that port 443 is open on your firewall.
  2. If your organization is using a reverse proxy or load balancer, verify that communication with Sisense is on HTTPS.
    1. In some cases the request from the reverse proxy/ load balancer is communicating on HTTP with the Sisense server, in that case, change the Configuration Manager page in Sisense to work on that port without HTTPS.
  3. Add Node.exe from %ProgramFiles%\Sisense\app\gateway-service\node.exe as an allowed program in Windows Firewall.

This page can't be displayed/This site can't be reached:

Symptom: When we navigate to https://<host>.<domain>.com we see:
  • Internet explorer: This page can't be displayed
  • Chrome: This site can't be reached
  • Chrome: ERR_CONNECTION_REFUSED
Explanation: Can indicate either of the following:
  • There are setting changes needed in the Configuration Manager, particularly the port and Internal IP fields.
  • Traffic on one or more ports that Sisense relies on are blocked on the firewall. Since SSL is no longer set up through Windows IIS, there may be ports that need to be opened to outgoing and incoming traffic.
Suggested Resolution:
  • Check over your organization's settings for which port and internal IP the Sisense site is running on to verify they are accurate.
  • Open Windows Firewall application on the Sisense Webserver and follow this article to open traffic both incoming and outgoing traffic on at minimum ports: 443, 8081, and whichever port your organization is running Sisense Web on.
    • A more extensive list of ports to make available externally is here.

The client and server don't support a common SSL protocol version or cipher suite:

Symptom: When we navigate to https://<host>.<domain>.com we see:
  • This site can’t provide a secure connection 
  • <host>.<domain>.com uses an unsupported protocol.
  • ERR_SSL_VERSION_OR_CIPHER_MISMATCH 
  • Unsupported protocol 
  • The client and server don't support a common SSL protocol version or cipher suite.
Explanation: Can indicate any of the following:
  • The certificate was not uploaded in the Configuration Manager but all other SSL settings were performed
  • There is another process running on port 443
  • If using a CERT and KEY file, the private key is not valid for the certificate
Suggested Resolution Steps:
  • SSL Certificate field and/or the SSL Key is blank:
    • Navigate to the Configuration Manager (http://localhost:3030) and verify that the SSL Certificate and the SSL Key sections. If one or both of those fields are empty then you'll need to re-upload your cert (or copy-paste the text of each document). At this time we recommend using Google Chrome to upload certificates.
new_webserver_image_-_Copy.png
  • Another Process on Port 443:
    • In the Configuration Manager, change the port 443 to a different port (ex. 442).
    • Save the Configuration Manager and do an IIS reset on the webserver.
    • Navigate to your site via the following URL: ..com:">https://<host>.<domain>.com:<port> (example: https://test.sisense.com:442)
    • If you are able to successfully reach the Sisense site there is likely another process running on port 443. Please follow the steps in the Another application is listening on port 443 section.
  • Other: If the above troubleshooting steps did not help, there is likely something missing in the certificate files that are necessary for web browsers to trust your certificate.
    • Work with your Certificate Authority (CA) to obtain an up to date copy of your site's .pfx or .crt and .key files and upload the files according to this documentation.
    • Try exporting the certificate using the Certificate Export Wizard. More information can be found here.

Another application is listening on port 443:

Symptom: After looking over the other errors listed in this article your organization is still seeing errors.
Suggested Solution: In some cases there are other applications running that are listening to port 443 this is the way to identify it:
  1. Navigate to the Configuration Manager (http://localhost:3030) and change the port to 80 and Save
  2. Open the Command Prompt and run  netstat -aon | find ":443"
  3. Use the PIDs listed in CMD to match up the process names in Task Manager. Check if other application are listening to port 443 that are not Sisense.Gateway
    • You can check what Service is running by opening you task manager going to Details or in Services tab and see what is the service behind the PID
      2018-09-12_11h42_31.png2018-09-12_11h39_33.png
    • zIn case that  - Open registry by entering regedit on the start menu and navigate to  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters\UrlAclInfo you can see what Services are using that port
  4. The presence of PID 4 indicates that the System is running on 443
    • Open registry by entering regedit on the start menu and navigate to  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters\UrlAclInfo you can see what Services are using that port 
  5. After making sure those services are not essential for the system, stop those services.
  6. Once done repeat Step 2 to make sure the issue was resolved.
  7. Set up Sisense back to 443 in the Configuration Manager and Save. Wait a minute and try to load the website again via /">https://<host>.<domain>.com

Build Error: Unable to verify first certificate

If in the Web ECM (ECM 2.0) after setting up SSL, you see the following Build Error:
2019-05-23_11h35_30.png
Please following the resolution instruction in the article below:
Rate this article:
Version history
Last update:
‎02-16-2024 01:15 PM
Updated by:
Contributors