Certificates In The Correct Certificate Store - Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual

2b Click the name of the Embedded Service Provider certificate of the Access Gateway, note
the name of the Issuer, then click Close.
2c (Conditional) If you do not know the names of these certificates, see
"Certificate Names," on page
3 To verify the trusted root for the Identity Server, click Trusted Roots > NIDP-truststore.
4 Scan for a certificate subject that matches the issuer of the Embedded Service Provider
certificate, then click its name.
If the Issuer has the same name as the Subject name, then this certificate is the root
certificate.
If the Issuer has a different name than the Subject name, the certificate is an intermediate
certificate in the chain. Click Close, and make sure another certificate in the trust store is
the root certificate. If it isn't there, you need to import it and any other intermediate
certificates between the one you have and the root certificate.
5 To verify the trusted root for the Embedded Service Provider, click Trusted Roots > ESP Trust
Store.
6 Scan for a certificate subject that matches the issuer of the Identity Server certificate, then click
its name.
If the Issuer has the same name as the Subject name, then this certificate is the root
certificate.
If the Issuer has a different name than the Subject name, the certificate is an intermediate
certificate in the chain. Click Close, and make sure another certificate in the trust store is
the root certificate. If it isn't there, you need to import it and any other intermediate
certificates between the one you have and the root certificate.
7 (Optional) If you have clustered your Identity Servers and Access Gateways and you are
concerned that not all members of the cluster are using the correct trusted root certificates, you
can re-push the certificates to the cluster members.
7a Click Auditing > Troubleshooting > Certificates.
7b Select the Trust Store of your Identity Servers and Access Gateways, then click Re-push
certificates.
7c Update the Identity Severs and Access Gateways.
7d Check the command status of each device to ensure that the certificate was pushed to the
device. From the Identity Servers page or the Access Gateways page, click the Commands
link.
To view sample log entries that are logged to the
is missing, see
page 282.

12.2.5 Certificates in the Correct Certificate Store

Make sure that the server certificates are added to the correct certificate store. In other words, the
Identity Server certificate must be added to the NIDP-connector store, and the Embedded Service
Provider certificate must be added to the Proxy Key Store.
1 In the Administration Console, click Security > Certificates.
2 Click NIDP-connector.
280 Novell Access Manager 3.1 SP1 Identity Server Guide
"Trusted Roots Are Not Imported into the Appropriate Trusted Root Containers" on
278.
catalina.out
Section 12.2.3,
file when a trusted root certificate