Gateway; Servers - Novell ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010 Manual

3.2.1 Prerequisites for SSL Communication between the
Identity Server and the Access Gateway
If you are going to set up SSL communication between the Identity Server and the Access Gateway
for authentication and you have configured the Identity Server to use certificates created by an
external CA, you need to import the public certificate of this CA into the trusted root keystore of the
Access Gateway.
1 If you haven't already imported the public certificate of this CA into the trusted root store of
the Identity Server, do so now. For instructions, see
(Trusted Roots)" in the
2 To add the public certificate to the Access Gateway:
2a In the Administration Console, click Devices > Access Gateways > Edit > Service
Provider Certificates > Trusted Roots
2b In the Trusted Roots section, click Add.
2c Click the Select trusted root(s) icon, select the public certificate of the CA that signed the
Identity Server certificates, then click OK.
2d Specify an alias, then click OK twice.
3 To apply the changes, click Close, then click Update on the Access Gateways page.
3.2.2 Prerequisites for SSL Communication between the
Access Gateway and the Web Servers
If you are going to set up SSL between the Access Gateway and the Web servers, you need to
configure your Web servers for SSL. Your Web servers must supply a certificate that clients (in this
case, the Access Gateway) can import. See your Web server documentation for information on how
to configure the Web server for SSL.
For mutual SSL, the proxy service must supply a certificate that the Web server can trust. This
certificate can be the same one you use for SSL between the browsers and the reverse proxy.
Novell Access Manager 3.1 SP2 Administration Console
Configuring the Access Gateway for SSL and Other Security Features
"Importing Public Key Certificates
Guide.
111