Assigning Certificates To An Access Gateway - Novell ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manual

Administration console guide

certificate. The OCSP reply is signed by the OCSP server. To verify that it was signed by the correct
OCSP server, the OCSP server certificate needs to be added to this trust store. The OCSP server
certificate itself is added to the trust store, not the CA certificate.
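The trust rule above, shown with the openssl command line rather than Access Manager (an added example, not part of the Novell manual): an OCSP reply signed by a responder whose certificate was not issued by the CA is rejected while only the CA certificate is trusted, and accepted once the OCSP server certificate itself is trusted. All subject names, file names and the make_demo_pki and check_response helpers are constructed for this illustration.

```shell
#!/usr/bin/env bash
# Added illustration; every subject name and file below is constructed.

# Build a throwaway CA, an independent OCSP responder, one user certificate
# and a signed OCSP response (resp.der) inside directory $1.
make_demo_pki() (
  cd "$1" || exit 1
  gen() { name=$1; cn=$2; shift 2
          openssl req -newkey rsa:2048 -nodes -keyout "$name.key" \
            -subj "/CN=$cn" "$@" 2>/dev/null; }
  gen ca   "Demo CA"             -x509 -days 2 -out ca.pem   || exit 1
  # The responder certificate is self-signed, so the CA does not vouch for it.
  gen ocsp "Demo OCSP Responder" -x509 -days 2 -out ocsp.pem || exit 1
  gen user "demo-user"           -out user.csr               || exit 1
  openssl x509 -req -in user.csr -CA ca.pem -CAkey ca.key -set_serial 1 \
    -days 2 -out user.pem 2>/dev/null || exit 1
  # Responder database: V = valid, expiry date, no revocation date, serial 01.
  printf 'V\t491231235959Z\t\t01\tunknown\t/CN=demo-user\n' > index.txt
  openssl ocsp -issuer ca.pem -cert user.pem -no_nonce -reqout req.der \
    >/dev/null 2>&1
  openssl ocsp -index index.txt -CA ca.pem -rsigner ocsp.pem -rkey ocsp.key \
    -reqin req.der -respout resp.der >/dev/null 2>&1
  [ -s resp.der ]
)

# Verify resp.der in directory $1 using the trust options that follow it.
# Prints "accepted" only if openssl confirms the response signature.
check_response() (
  cd "$1" || exit 1
  shift
  if openssl ocsp -issuer ca.pem -cert user.pem -no_nonce -respin resp.der \
       "$@" 2>&1 | grep -q 'Response verify OK'
  then echo accepted; else echo rejected; fi
)

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir" || { echo "openssl setup failed" >&2; exit 1; }
echo "CA certificate trusted only:     $(check_response "$demo_dir" -CAfile ca.pem)"
echo "OCSP server certificate trusted: $(check_response "$demo_dir" -CAfile ca.pem -VAfile ocsp.pem)"
```

The -VAfile option plays the role of the OCSP trust store here: it names the responder certificate that is explicitly trusted to sign replies.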
1 In the Administration Console, click Devices > Identity Servers > Edit > Security.
2 Click the certificate link that you want to replace:
    Encryption: Displays the encryption certificate keystore. The encryption certificate is used to encrypt specific fields or data in the assertions.
    Signing: Displays the signing certificate keystore. Click this option to access the keystore and replace the signing certificate as necessary. The signing certificate is used to sign the assertion or specific parts of the assertion.
    SSL: Displays the SSL connector keystore. Click this option to access the keystore and replace the SSL certificate as necessary. This certificate is used for SSL connections.
    Provider: Displays the identity provider keystore. Click this option to access the keystore and replace the identity provider certificate.
    Consumer: Displays the identity consumer keystore. Click this option to access the keystore and replace the identity consumer certificate as necessary.
3 Click Replace.
    A keystore stores only one certificate at a time. When you replace a certificate, you overwrite the existing one.
4 In the Replace dialog box, click the Select Certificate icon and browse to select the certificate you created in Section 3.2.1, "Creating Certificates," on page
5 Click OK.
6 Click OK in the Replace dialog box.
7 Restart Tomcat, as prompted by the system.
    The system restarts Tomcat for you if you click Restart Now at the prompt. If you want to restart at your convenience, select Restart Later and then manually restart Tomcat.
    Linux: Enter the following command:
        /etc/init.d/novell-tomcat5 restart
    Windows: Enter the following commands:
        net stop Tomcat5
        net start Tomcat5
8 Update the Identity Server configuration on the Servers page, as prompted.

3.3.3 Assigning Certificates to an Access Gateway

The Access Gateway can be configured to use certificates for SSL communication with three types
of entities:
Identity Server: The Access Gateway uses the Embedded Service Provider to communicate
with the Identity Server. The Access Manager CA automatically generates the required
certificates for secure communication when you set up a trusted relationship with the Identity
Server. To manage these certificates in the Administration Console, click Access Gateways >
47.
Security and Certificate Management
67
