Environment
Novell Identity server running on SLES9 SP3 box
Novell Access Administrator running on separate SLES9 SP3 box
Netware Access Gateway
Situation
Configured a reverse proxy with a secured protected resource to
authenticate via the IDP server using HTTP. Confirmed that
all worked well i.e. users could authenticate to the IDP server and
access this protected resource.
Added a new reverse proxy and enabled SSL from browser to proxy server. The certificate options for this reverse proxy ('Auto-generate Key' and 'Auto-import Embedded Service provider trusted root'), which should appear in the Access Gateway Servers -> Configuration -> Reverse Proxy/Authentication -> Reverse proxy menu, are not visible.
Resolution
Create the proxy service first, and then auto-generate the server
certificate.
The 'Auto-generate Key' and 'Auto-import Embedded Service provider trusted root' options only become available after the proxy service has been defined. The DNS name of the service is not known until the proxy service has been created.
Because auto-generation of the server certificate requires the subject name of the certificate to match the DNS name of the service, the certificate cannot be auto-generated before this DNS name is known.