Issue description   

Possible causes   

• Expired SSL certificate: The installed SSL/TLS certificate is no longer valid and has expired.
• Invalid SSL certificate: The wrong certificate is bound to the ADSelfService Plus web server.
• Self-signed certificate: The default, self-signed certificate from ADSelfService Plus is not trusted by client browsers.
• Improper reverse proxy configuration: A valid SSL certificate has not been applied on the reverse proxy, even though ADSelfService Plus itself is configured correctly.

Prerequisites   

• You need administrator access to the ADSelfService Plus server and web portal.
• You must have a valid SSL certificate file from a trusted Certificate Authority (CA). The certificate should be for the exact hostname users will use to access the portal.

Resolution   

• Bind a valid and trusted SSL certificate issued by a trusted CA in ADSelfService Plus.
• Ensure the certificate’s Common Name (CN) or Subject Alternative Name (SAN) matches the URL used to access ADSelfService Plus (e.g., ssp.yourcompany.com).
• Restart ADSelfService Plus after certificate installation to apply changes.  

• Configure your reverse proxy server to use a valid SSL certificate. This process varies depending on the proxy software you use.
• Ensure the proxy is configured to serve HTTPS connections externally.
• The internal connection between the reverse proxy and ADSelfService Plus can remain on HTTP, while users access the application securely via HTTPS.

Validation and confirmation

• Clear your browser's cache to ensure it fetches the new certificate information.
• Access the ADSelfService Plus portal using the correct https:// URL.
• Check the address bar. You should now see a padlock icon 🔒, indicating a secure and trusted connection.

Related topics and articles        

• How to apply an SSL certificate in ADSelfService Plus
  
• Configuring ADSelfService Plus with a reverse proxy
  

How to reach support