Certificate Names - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

Identity server guide

The same is true for the Identity Server. It must be able to resolve the hostname of the Access
Gateway. To discover the URL for the Access Gateway metadata:
1 In the Administration Console, click Devices > Access Gateways > Edit > Reverse Proxy / Authentication.
2 View the Embedded Service Provider section.
The URL of the metadata is displayed in this section.
To view the metadata, enter the displayed URL. Scan through the document and notice the multiple
references to the hostname of the Access Gateway. You should see lines similar to the following. In
these lines, the hostname is ag1.provo.novell.com.
<md:SoapEndpoint>
http://ag1.provo.novell.com:80/nesp/idff/spsoap
</md:SoapEndpoint>
<md:SingleLogoutServiceURL>
http://ag1.provo.novell.com:80/nesp/idff/spslo
</md:SingleLogoutServiceURL>
<md:SingleLogoutServiceReturnURL>
http://ag1.provo.novell.com:80/nesp/idff/spslo_return
</md:SingleLogoutServiceReturnURL>
To test that the Identity Server can resolve the hostname of the Access Gateway, send a ping
command with the hostname of the Access Gateway. For example, from the Identity Server:
ping ag1.provo.novell.com
To view sample log entries that are logged when a DNS name cannot be resolved, see "The
Embedded Service Provider Cannot Resolve the Base URL of the Identity Server" on page 355.

15.2.3 Certificate Names

Make sure the certificates for the Identity Server and the Embedded Service Provider match the
hostnames defined in the metadata URL (see Section 15.2.2, "DNS Name Resolution," on page 351).
When the Identity Server and the Access Gateway are enabled for HTTPS, all communication to
these devices requires that the devices send back a server certificate. Not only must the certificate be
assigned to the appropriate device, but the subject name of the device certificate must match the
hostname of the device it is assigned to.
To verify the certificate name of the Identity Server certificate:
1 In the Administration Console, click Devices > Identity Servers > Edit.
2 Click the SSL Certificate icon.
The SSL Connector keystore is displayed
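The name check described above can also be scripted. The following is an added example, not code from the Novell guide: it collects every hostname used in the metadata endpoints and reports those that none of the certificate's names cover. It goes slightly beyond the text by also accepting a wildcard in the left-most label. The root element, its namespace, and the certificate names passed in are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the three endpoints shown in the guide, wrapped in a
# root element with a placeholder namespace so the md: prefix parses.
SAMPLE_METADATA = """<md:SPDescriptor xmlns:md="urn:example:placeholder">
  <md:SoapEndpoint>http://ag1.provo.novell.com:80/nesp/idff/spsoap</md:SoapEndpoint>
  <md:SingleLogoutServiceURL>
    http://ag1.provo.novell.com:80/nesp/idff/spslo
  </md:SingleLogoutServiceURL>
  <md:SingleLogoutServiceReturnURL>
    http://ag1.provo.novell.com:80/nesp/idff/spslo_return
  </md:SingleLogoutServiceReturnURL>
</md:SPDescriptor>"""


def metadata_hosts(xml_text):
    """Return the set of lower-cased hostnames used in endpoint URLs."""
    hosts = set()
    for element in ET.fromstring(xml_text).iter():
        text = (element.text or "").strip()
        if text.startswith(("http://", "https://")):
            host = urlsplit(text).hostname  # None when the URL has no host
            if host:
                hosts.add(host)
    return hosts


def name_matches(hostname, cert_name):
    """Case-insensitive match; "*" is honoured only as the whole left-most
    label of a name with at least three labels, and covers exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    name = cert_name.lower().rstrip(".").split(".")
    if len(host) != len(name):
        return False
    if name[0] == "*" and len(name) > 2:
        return host[1:] == name[1:]
    return host == name


def unmatched_hosts(xml_text, cert_names):
    """Metadata hostnames that no certificate name covers (empty = consistent)."""
    return sorted(h for h in metadata_hosts(xml_text)
                  if not any(name_matches(h, n) for n in cert_names))


if __name__ == "__main__":
    # Constructed certificate names: a short name and an IP address do not match.
    print(unmatched_hosts(SAMPLE_METADATA, ["ag1", "10.10.1.5"]))
```

Pass in the subject name (and any alternative names) read from the certificate assigned to the device. Any hostname returned means the metadata references a name the certificate does not carry.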
