Novell ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manual page 46

Administration console guide

ESP Mutual SSL: This keystore contains the certificate that is used for SSL when you have established SSL communication between the Access Gateway and the Identity Server. The public key (trusted root) of the certificate authority that created the certificate needs to be in the Identity Server's trust store.

Proxy Key Store: This keystore contains the certificate that is used for SSL when you have enabled SSL between a reverse proxy and the browsers. The public key (trusted root) of the certificate authority that created the certificate needs to be in the browser's trust store for the SSL connection to work without warnings. If you create multiple reverse proxies and enable them for SSL, each reverse proxy needs a certificate, and the subject name of the certificate needs to match the DNS name of the reverse proxy.
This keystore does not use the default location; it is located in the /opt/novell/conf/keys directory.

J2EE Agent Keystores

Access Manager creates the following keystores for each J2EE Agent:

Signing: This keystore contains the certificate that is used for signing the assertion or specific parts of the assertion.

Encryption: This keystore contains the certificate that is used to encrypt specific fields or data in assertions.

ESP Mutual SSL: This keystore contains the certificate that is used for SSL when you have established SSL communication between the J2EE agent and the Identity Server. The public key (trusted root) of the certificate authority that created the certificate needs to be in the Identity Server's trust store.

SSL VPN Keystores

Access Manager creates the following keystores for each SSL VPN server or cluster:

Signing: This keystore contains the certificate that is used for signing the assertion or specific parts of the assertion.

Encryption: This keystore contains the certificate that is used to encrypt specific fields or data in assertions.

ESP Mutual SSL: This keystore contains the certificate that is used for SSL when you have established SSL communication between the ESP-enabled SSL VPN server and the Identity Server. The public key (trusted root) of the certificate authority that created the certificate needs to be in the Identity Server's trust store.

SSLVPN Secure Tunnel: This keystore contains the certificate that encrypts the data exchanged between the SSL VPN client and the SSL VPN server after the SSL VPN connection is made.
This keystore does not use the default location; it is located in the /etc/opt/novell/sslvpn/certs directory.

SSL Connector: This keystore contains the certificate that encrypts authentication information between the SSL VPN client browser and the SSL VPN server.
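
One way to check the two certificate requirements stated for the ESP Mutual SSL and Proxy Key Store entries (the certificate chains to the trusted root that the other side holds, and its subject name matches the reverse proxy's DNS name) before a certificate is placed in a keystore. This is an added example, not part of the Novell guide; it assumes the OpenSSL 1.1.1 or later command-line tool, and the CA, host names and file names are constructed.

```shell
#!/bin/sh
# Added example, not from the Novell guide. Assumes the openssl CLI (1.1.1+).
# The CA, host names and file names below are constructed for illustration.

# check_proxy_cert CERT CAFILE DNSNAME
# Returns 0 if CERT chains to the trusted root in CAFILE and is valid for
# DNSNAME, 1 if the chain does not verify, 2 if the name does not match.
check_proxy_cert() {
    cert=$1; ca=$2; name=$3
    # The issuing CA's certificate must be the root the relying party trusts.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    # The certificate must match the reverse proxy's DNS name.
    openssl x509 -in "$cert" -noout -checkhost "$name" 2>/dev/null |
        grep -q 'does match certificate' || return 2
    return 0
}

# make_sample_pki DIR: build a throwaway CA and a certificate whose subject
# is CN=proxy1.example.com (constructed sample input, valid for one day).
make_sample_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=proxy1.example.com" \
        -keyout "$dir/proxy.key" -out "$dir/proxy.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/proxy.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/proxy.pem" 2>/dev/null
}

# Demo: the matching name passes, a second proxy's name is rejected.
demo_dir=$(mktemp -d) && make_sample_pki "$demo_dir"
for host in proxy1.example.com proxy2.example.com; do
    if check_proxy_cert "$demo_dir/proxy.pem" "$demo_dir/ca.pem" "$host"; then
        echo "$host: certificate OK"
    else
        echo "$host: rejected (code $?)"
    fi
done
rm -rf "$demo_dir"
```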
