2.6 Configuring Certificate Settings

Access Manager components and agents can access the keystore to retrieve certificates, keys, and trusted roots as needed.

When SSL VPN is installed, it creates a test-connector certificate with the default DNS name of the SSL VPN. However, if you have changed the default DNS name of the SSL VPN, then you must create a new certificate and replace the test-connector.

The following instructions assume that you have already created a certificate. For more information on creating certificates, see Security and Certificate Management in the NetIQ Access Manager 3.2 SP1 Administration Console Guide.

Before you proceed with the configuration, log in to the Administration Console, select Security > Trusted Roots, click the down arrow for the trusted root that you are interested in. Make sure that two SSL VPN trust stores are displayed. If they do not exist, you must manually push the certificates to the trust store.

NOTE:Make sure that SSL VPN certificate names contain only alphanumeric characters, space, underscore (_), hyphen (-), the at symbol @, and the dot (.).

  1. In the Administration Console, select Devices > SSL VPN > Edit.

  2. Select SSL VPN Certificates from the Security settings section.

    Adding SSL VPN certificates
  3. Click SSL Cert.

    Adding certificate to SSL VPN STunnel

    Certificates in the SSL VPN STunnel are used by SSL VPN services for encryption. This page contains the following information:

    Keystore name: Displays the name of the keystore to which the certificate belongs.

    Keystore type: Displays the type of keystore. It can be Java, PEM, or PKCS12.

    Device: Displays the IP address of the SSL VPN device.

  4. To replace the default certificate, click Replace.

    Replacing SSL VPN certificate

    Fill in the following fields:

    Certificates: Click the Select Certificate icon to browse and select the certificate that you want to associate with SSL VPN.

    Alias(es): You can provide an alternate name for the certificate you are importing.

  5. Click OK to save changes.

  6. To save your modifications, click OK, then click Update on the Configuration page