Certificates In The Required Trust Stores - Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual


3 Verify that the subject name of the certificate matches the DNS name of the Identity Server.
If the names match, a certificate name mismatch is not causing your problem.
If the names do not match, you need to either create a certificate that matches or import one that matches. For information on how to create a certificate for the Identity Server, see "Configuring Secure Communication on the Identity Server" in the Novell Access Manager 3.1 SP1 Setup Guide.
To verify the certificate name of the Access Gateway certificate:
1 In the Administration Console, click Devices > Access Gateways > Edit > [Name of Reverse Proxy].
2 Read the alias name of the server certificate, then click the Server Certificate icon.
3 Verify that the Subject name of the server certificate matches the published DNS name of the proxy service of the Access Gateway.
If the names match, a certificate name mismatch is not causing your problem.
If the names do not match, you need to either create a certificate that matches or import one that matches. For information on how to create an Access Gateway certificate, see "Configuring the Access Gateway for SSL" in the Novell Access Manager 3.1 SP1 Access Gateway Guide.
To view sample log entries that are logged to the catalina.out file when the certificate has an invalid name, see "The Server Certificate Has an Invalid Subject Name" on page 282.

12.2.4 Certificates in the Required Trust Stores

Make sure that the issuers of the Identity Server and Embedded Service Provider certificates are added to the appropriate trusted root containers.
When the server certificates are sent from the identity provider to the service provider client, and from the service provider to the identity provider client, the client needs to be able to validate the certificates. Part of the validation process is to confirm that the server certificate has been signed by a trusted source. To do this, the issuers of the server certificate (intermediate and trusted roots) must be imported into the correct trusted root stores:
The intermediate and trusted roots of the Embedded Service Provider certificate must be imported into the NIDP-Truststore.
The intermediate and trusted roots of the Identity Server certificate must be imported into the ESP Trust Store.
If you use certificates generated by the Administration Console CA, the trusted root certificate is the same for the Identity Server and the Embedded Service Provider. If you are using external certificates, the trusted root certificate might not be the same, and there might be intermediate certificates that need to be imported.
To verify the trusted root certificates:
1 In the Administration Console, click Security > Certificates.
2 Determine the issuer of the Identity Server certificate and the Embedded Service Provider certificate:
2a Click the name of the Identity Server certificate, note the name of the Issuer, then click Close.
Troubleshooting the Identity Server and Authentication 279
