I am unable to change the Portal Start Page to the Rules tab via the URL /rules/

I am unable to change the Portal Start Page to the Rules tab via the URL /rules/GetRulesRoot.do. The correct page displays when I click "Test this URL" but when I try to submit the change, I receive the following message: "The URL cannot be reached, please try again or contact your Administrator. Please notice that the path should not include the context."...

OriginalPostID-82827

  • Linda, can you confirm the version of Appian you are using and your browser? I just tested this on 7.2 and it worked fine on IE10, but it did not work using Firefox.
  • Linda, I was able to reproduce this behavior and found that due to the way the URL is validated internally this can happen only when using SSL (https://) in the environment if the certificate hasn't been imported into the JDK collection of trusted certificate authority certificates on the server where your application server is running.

    In order to solve this issue have your system administrator import the certificate into the cacerts file of the JDK where your app server runs.

    Here's how you can do it (adjust the paths/names accordingly):

    1. keytool -import -alias <HOSTNAME_AS_IN_CUSTOM.PROPERTIES_SERVER_AND_PORT> -file <MY_CERTIFICATE>.crt -keystore "C:\Program Files\Java\jdk1.7.0_21\jre\lib\security\cacerts"

    2. Restart your application server.
  • Can you clarify why this is needed? Does the process that sets the start page attempt to make a connection to itself using the conf.suite.SERVER_AND_PORT? This is not going to work in our environment as it is currently configured. The app is unable to connect to itself using that URL. In the case of email templates, there is an alternative conf.suite.MAIL_SERVER_AND_PORT for use in the case where the main SERVER_AND_PORT is not reachable. Is there an equivalent mechanism in this case?
  • This is needed because the code that validates the URL uses the context of the request to form the URL, meaning that when you type

    /rules/GetRulesRoot.do

    Appian will internally review what URL your browser has, let's say myappian.appiancorp.com/.../designer and based on that will create the following URL for validation:

    myappian.appiancorp.com/.../GetRulesRoot.do

    and execute something like this:

    urlHomePage = new URL(url);
    urlHomePage.getContent();

    When Appian calls the getContent() method to verify this is a valid URL, it will go through HTTPS, which in your case is at the Web Server layer. If the certificate your Web Server is using is not installed per the instructions above, then it won't find a valid certificate. You don't see the error in the application server log because the exception is caught and the stack trace is not printed, but basically that is what is happening.

    Given the URL is formed using the page context, you cannot control this through custom.properties, but if you can bypass the web server temporarily you will also be able to set this page, although the easiest option is to import the certificate.
  • There's another option:

    1. Create a custom page (System - Create Page)
    2. The page will point to /rules/GetRulesRoot.do
    3. Build a model and use the Set Global Home Page smart service to set it to that page.
    4. Run an instance of that model

    but step #1 will also require that the certificate is imported.
  • The problem isn’t with importing the certificate, we’ve done that. The problem is that due to the networking setup the app server is unable to contact its own address as specified in SERVER_AND_PORT. This is the reason that the conf.suite.MAIL_SERVER_AND_PORT property exists (the comments for that property say “…if the application server cannot connect to the URL defined by … conf.suite.SERVER_AND_PORT…”).

    The reason that the server cannot reach itself is that it is behind a load balancer/firewall (listening on 443) which redirects to port 8443, and the server’s name resolves to the Load Balancer’s address, which is only reachable from the Internet, not from “inside”.

    So your code should not have used the reported URL as the base of the verification request, but instead should have used some other SCHEME, SERVER_AND_PORT and APPLICATION_CONTEXT to construct the URL for validation (just as for mail rendering).

    If this validation only needs to happen once, when setting up the default page, we might be able to create a temporary “tunnel” that will allow the normal scheme+server+port+context to work. But if this validation happens more than once we simply will not be able to do it.
  • The validation would be done only when you click on the "Submit" button when changing the start page so you can request that temporary "tunnel".

    Now that you describe the architecture in more detail, you can try approach #2 (see my "There's another option" post). This one uses SERVER_AND_PORT and SCHEME, so probably that will work better for your current configuration.
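
To tell apart the two failure modes discussed in this thread (a certificate the JDK does not trust versus an application server that cannot reach its own public address), a small probe can make the same kind of request as the validation and print the exception that the validation swallows. This is an added example, not Appian code and not part of any post above; the class name StartPageUrlProbe and its methods are hypothetical.

```java
import java.io.IOException;
import java.net.*;
import javax.net.ssl.SSLException;

// Added example (not Appian code): makes an outbound request from this JVM,
// like the new URL(url).getContent() check, but reports the failure cause.
public class StartPageUrlProbe {

    // Map the exception to the causes discussed in the thread.
    static String classify(IOException e) {
        if (e instanceof SSLException) {
            return "TLS failure: chain not trusted by this JVM's truststore (cacerts), or handshake error";
        }
        if (e instanceof UnknownHostException) {
            return "DNS failure: this host cannot resolve the server name";
        }
        if (e instanceof ConnectException || e instanceof NoRouteToHostException
                || e instanceof SocketTimeoutException) {
            return "Unreachable: this host cannot connect to that address (firewall or load balancer path)";
        }
        return "Other I/O failure";
    }

    static String probe(String url, int timeoutMs) {
        try {
            URLConnection conn = new URL(url).openConnection();
            if (!(conn instanceof HttpURLConnection)) {
                return "Unsupported scheme: use http or https";
            }
            conn.setConnectTimeout(timeoutMs);
            conn.setReadTimeout(timeoutMs);
            // getResponseCode() forces DNS, TCP connect and, for https, the TLS handshake.
            int code = ((HttpURLConnection) conn).getResponseCode();
            return "OK: HTTP " + code + " (for https, the certificate chain was trusted)";
        } catch (IOException e) {
            return classify(e) + " [" + e.getClass().getName() + ": " + e.getMessage() + "]";
        }
    }

    public static void main(String[] args) {
        if (args.length != 1) {
            System.err.println("usage: java StartPageUrlProbe <url>");
            System.exit(2);
        }
        // Shows whether a non-default truststore was configured for this JVM.
        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore", "(not set, JDK default cacerts)"));
        System.out.println(probe(args[0], 5000));
    }
}
```

Run it on the application server host with the same JDK the application server uses, so that the same cacerts file and network path are exercised.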