Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 63

Variable
<key_pwd>
5 To restart Tomcat, enter the following commands:
net stop Tomcat5
net start Tomcat5
6 Continue with
"Verifying the Use of the nCipher Key Pair" on page
Verifying the Use of the nCipher Key Pair
After you have configured the Identity Server to use the nCipher key pair and have restarted Tomcat,
the metadata of the Identity Server indicates that the nCipher key pair is being used for the signing
certificate.
1 In a browser, enter the following URL:
http://<DNS_name>:8080/nidp/idff/metadata
Replace <DNS_name> with the DNS name of your Identity Server.
2 Search for the following string:
<md:KeyDescriptor use="signing">
3 Copy the certificate text between the
ds:X509Certificate>
4 Paste the text into a text editor.
5 Delete the
<ds:X509Certificate>
-----BEGIN CERTIFICATE-----
6 Delete the
</ds:X509Certificate>
-----END CERTIFICATE-----
7 Save the file as a text file with a .
8 Open the file in Internet Explorer.
9 View the certificate details.
If the Identity Server is using the nCipher signing certificate, the certificate is issued by your
CA and the name the certificate is issued to is the name you specified for the certificate.
If the Identity Server is using the Access Manager certificate, the certificate is issued by the
Organizational CA and the certificate name is test-signing. For troubleshooting information,
see "Troubleshooting the netHSM Configuration" on page
Value
When using module-protected keys, the key password must be null.
For example:
com.novell.nidp.extern.signing.keyPwd=
<ds:X509Certificate>
tags
tag and replace it with the following text:
tag and replace it with the following text:
extension.
cer
63.
and the
</
64.
Configuring an Identity Server 63