iChain and Origin Server SSL Certificates



By: Timothy Loveridge

November 8, 2006 12:00 am


Problem

I have a problem configuring iChain to communicate via SSL with the origin web server. I have configured the trusted root container, imported the origin web server’s SSL certificate, and I specified the trusted root container in the ISO. Still, it is impossible to view the SSL web page from the origin web server. Is there anything I might have missed?

Solution

You don’t want the origin server SSL certificate in the Trusted Roots Container; you want the CA certificate(s) that were used to sign the server certificate. (It’s a Trusted Roots Container, not an SSL Certificate Container …)

All iChain cares about is that the certificate the origin server presents was signed (issued) by one of the CAs it has been told to trust. For example, if all your back-end servers are using SSL certificates that were signed by Verisign, you would only need to import the Verisign CA (and Intermediate CA) certificate(s) once, and iChain would be able to talk to any of them over SSL. Likewise, if you are using certificates issued by your eDirectory tree, you would just need to import the Organizational CA certificate from your tree into the Trusted Roots Container to enable iChain to talk to all servers.
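
The same rule can be reproduced outside iChain with the openssl command line. The script below is an added example, not part of the original article and not iChain code: it builds a constructed CA ("Demo Org CA") and two constructed server certificates, then shows that the CA certificate works as a trust anchor for both servers while a server certificate used as the anchor is rejected. All names and files are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. The CA, host names and files are constructed for the demo.
# OpenSSL stands in for the verifier; this is not iChain's own code.

make_demo_pki() {   # $1 = scratch directory
    d=$1
    # Self-signed CA certificate: the kind of certificate a trusted-roots store expects.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Org CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Two origin-server certificates issued by that CA.
    for host in web1 web2; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$host.example.test" \
            -keyout "$d/$host.key" -out "$d/$host.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$host.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 2 -out "$d/$host.pem" 2>/dev/null || return 1
    done
}

# Succeeds only if certificate $2 chains to a trust anchor in file $1.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the issuer of a server certificate, i.e. the CA whose certificate to import.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer
}

work=$(mktemp -d)
make_demo_pki "$work" || { echo "openssl failed" >&2; exit 1; }
issuer_of "$work/web1.pem"
# CA certificate as the trust anchor: every server it issued is accepted.
trusted_by "$work/ca.pem" "$work/web1.pem" && echo "anchor=CA   web1: accepted"
trusted_by "$work/ca.pem" "$work/web2.pem" && echo "anchor=CA   web2: accepted"
# Server certificate as the trust anchor: no chain to a root, so it is rejected.
trusted_by "$work/web1.pem" "$work/web1.pem" || echo "anchor=web1 web1: rejected"
trusted_by "$work/web1.pem" "$work/web2.pem" || echo "anchor=web1 web2: rejected"
rm -rf "$work"
```

For a real origin server, run `issuer_of` on its certificate, or inspect the chain it presents with `openssl s_client -connect HOST:443 -showcerts` (HOST is a placeholder), to see which CA certificates belong in the Trusted Roots Container.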

Categories: Access Manager, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.
