Prerequisites For Ssl; Prerequisite For Ssl Communication Between The Identity Server And The Access Gateway; Prerequisites For Ssl Communication Between The Access Gateway And The Web Servers; Section 2.2, "Prerequisites For Ssl - Novell ACCESS MANAGER 3.1 SP1 - GATEWAY GUIDE Manual

2.2 Prerequisites for SSL

The following SSL configuration instructions assume that you have already created or imported the
certificate that you are going to use for SSL. This certificate must have a subject name (cn) that
matches the published DNS name of the proxy service that you are going to use for authentication.
You can obtain this certificate one of two ways:
You can use the Access Manager CA to create this certificate. See
Certificate" in the Novell Access Manager 3.1 SP1 Administration Console
You can create a certificate signing request (CSR), send it to an external CA, then import the
returned certificates into Access Manager. See
"Importing Public Key Certificates (Trusted
Administration Console
2.2.1 Prerequisite for SSL Communication between the Identity
Server and the Access Gateway
If you are going to set up SSL communication between the Identity Server and the Access Gateway
for authentication and you have configured the Identity Server to use certificates created by an
external CA, you need to import the public certificate of this CA into the trusted root keystore of the
Access Gateway.
1 If you haven't already imported the public certificate of this CA into the trusted root store of
the Identity Server, do so now. For instructions, see
(Trusted Roots)" in the
2 To add the public certificate to the Access Gateway:
2a In the Administration Console, click Devices > Access Gateways > Edit > Service
Provider Certificates > Trusted Roots
2b In the Trusted Roots section, click Add.
2c Click the Select trusted root(s) icon, select the public certificate of the CA that signed the
Identity Server certificates, then click OK.
2d Specify an alias, then click OK twice.
3 To apply the changes, click Close, then on the Access Gateways page, click Update.
2.2.2 Prerequisites for SSL Communication between the
Access Gateway and the Web Servers
If you are going to set up SSL between the Access Gateway and the Web servers, you need to
configure your Web servers for SSL. Your Web servers must supply a certificate that clients (in this
case, the Access Gateway) can import. See your Web server documentation for information on how
to configure the Web server for SSL.
For mutual SSL, the proxy service must supply a certificate that the Web server can trust. This
certificate can be the same one you use for SSL between the browsers and the reverse proxy.
"Generating a Certificate Signing
Roots)" in the
Guide.
Novell Access Manager 3.1 SP1 Administration Console
"Creating a Locally Signed
Guide.
Novell Access Manager 3.1 SP1
"Importing Public Key Certificates
Configuring the Access Gateway for SSL
Request" and
Guide.
65