Katalyst: Server security and access issues

Description

General Guidance on troubleshooting Katalyst server access issues (HTTPS, certificates, and endpoints)

• Users intermittently or consistently cannot access Katalyst.
• Common symptoms:
  • Browser “site not secure” or certificate warnings.
  • Connection timeouts or “site cannot be reached” errors.
  • Mixed‑content or redirect issues after infrastructure changes.
• These problems often arise after:
  • SSL certificate renewals.
  • Changes to hostnames, load balancers, or reverse proxies.
  • Security policy updates (TLS versions, cipher suites).

Solution

• Confirm basic network connectivity from clients to the Katalyst host/URL (ping, traceroute, HTTP/HTTPS checks).
• Validate SSL/TLS configuration:
  • Certificate validity and chain (root + intermediates).
  • Hostname matching (CN/SAN vs URL used).
  • TLS protocol and cipher support compatible with corporate policies and browsers.
• If a reverse proxy or load balancer fronts Katalyst:
  • Check that backend routing to the Katalyst application is correct.
  • Ensure any application‑level URLs or callbacks (e.g., API base URLs) still match the externally visible hostname and protocol.
• After each infrastructure or certificate change, perform a full functional test:
  • Access the Katalyst login page from representative client machines.
  • Run a typical workflow (create experiment, open data) to confirm there are no mixed‑content or redirect issues.