9c If the certificate is not in use by the required keystores, select the certificate, then click
Actions > Add Certificate to Keystores.
9d Click the Select Keystore icon, select ESP Mutual SSL and Proxy Key Store of the Access
Gateway, then click OK twice.
10 Configure the trust stores for the Access Gateway.
10a In the Administration Console, click Security > Certificates > Trusted Roots.
The trusted root certificate of the CA that signed the Access Gateway certificate needs to
be in the NIDP-truststore.
The trusted root certificate of the CA that signed the Identity Server certificate needs to be
in the ESP Trust Store of the Access Gateway.
10b If you need to add a trusted root to a trust store, select the trusted root, then click Add
Trusted Roots to Trust Stores.
10c Click the Trust Store icon, select the required trust store, then click OK twice.
11 If you made any keystore or trust store modifications, update the Access Gateway and the
Identity Server.
12 (Optional) Create a cluster configuration and add this server as the primary server.
2.5 Setting Up a Tunnel
The tunnel option lets you create one or more services for the specific purpose of tunneling non-
HTTP traffic through the Access Gateway to a Web server. To do this, the non-HTTP traffic must
use a different IP address and port combination than the HTTP traffic.
An Access Gateway usually processes HTTP requests in order to fill them. However, it is not
unusual that some of the traffic coming through the gateway is not HTTP-based. Web servers
sometimes handle Telnet, FTP, chat, or other kinds of traffic without attempting to process it. If your
Web servers are handling this type of traffic, you should set up a tunnel for it.
Reverse proxies and tunnels cannot share the same IP address and port combination. For a given
IP address and port, you can configure either a reverse proxy or a tunnel, but not both.
To set up a tunnel:
1 In the Administration Console, click Devices > Access Gateways > Edit > Tunneling.
Novell Access Manager 3.1 SP2 Access Gateway Guide