Process Flow - Novell ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manual

J2EE Agent: Uses certificates and trust stores to establish trust between the J2EE Agent and
the Identity Server, and for SSL between the J2EE server and the Identity Server.
To ensure the validity of X.509 certificates, Access Manager supports both Certificate Revocation
Lists (CRLs) and Online Certificate Status Protocol (OCSP) methods of verification.
Access Manager stores the certificates that a device has been configured to use in trust stores and
keystores. This section describes the following certificate features:
Section 3.1.1, "Process Flow," on page 42
Section 3.1.2, "Access Manager Trust Stores," on page 43
Section 3.1.3, "Access Manager Keystores," on page 44

3.1.1 Process Flow

You can install and distribute certificates to the Access Manager product components and configure
how the components use certificates. This includes central storage, distribution, and expired
certificate renewal.
management in Access Manager:
Figure 3-1
Certificate
Authority
2
Administrator
1. Create the certificate and generate a certificate signing request (CSR). See
"Creating Certificates," on page
2. Send the CSR to the external CA for signing.
A CA is a third-party or network authority that issues and manages security credentials and
public keys for message encryption. The CA's certificate is held in the configuration store of
the computers that trust the CA.
42 Novell Access Manager 3.1 SP1 Administration Console Guide
Figure 3-1 illustrates the primary administrative actions for certificate
Certificate Management
Certificate
1
3
Administration
4
4
4
Console
4
47.
Access Gateway
Identity Server
SSL VPN
Java Agents
Section 3.2.1,