iChain accelerator configured with:
a 3rd-party certificate storing a 2048-bit RSA key assigned
Microsoft Windows XP Service Pack 2
Novell Client 4.91 Service Pack 2
Novell NetIdentity Client 1.23
Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Middle Tier
- With a certificate created by the Novell iChain proxy server assigned to the Xtier accelerator, the NetIdentity client returns the expected NetIdentity authentication prompt and authentication works fine.
The iChain internal Certificate size = 1632 bytes (Base64 encoded)
- With a 3rd-party certificate assigned, the Novell NetIdentity Client authentication prompt does not appear; instead, the browser displays a line of garbled characters.
- The 3rd-party certificate size = 2148 bytes (Base64 encoded)
The NetIdentity client does not work with X.509 certificates having a size greater than 2048 bytes.
- Looking into the details of the Base64-encoded 3rd-party certificate, the line of characters returned by the browser client matches exactly the last 101 Base64-encoded characters of that certificate.
- Wireshark traces taken at the workstation, one with the Novell iChain internal certificate assigned and one with the non-working 3rd-party certificate assigned, show that in both cases the certificate assigned to the Xtier-enabled accelerator is sent to the browser client, together with the Xtier realm, nonce and GUID, in two TCP segments.
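
A pre-deployment check for the size limit described above, as an added example that is not Novell code: it measures the Base64 payload of a PEM certificate against the 2048-byte limit and returns the characters past it. The names `check_pem_size` and `make_constructed_pem` are hypothetical, the sample certificates are constructed filler, and counting only the payload (no BEGIN/END lines or line breaks) is an assumption about how the sizes above were measured.

```python
import base64
import re

# Limit as stated on this page: certificates above 2048 bytes fail.
NETIDENTITY_LIMIT = 2048
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def check_pem_size(pem_text, limit=NETIDENTITY_LIMIT):
    """Measure the Base64 size of the first certificate in pem_text.

    Assumption: "bytes (Base64 encoded)" means the Base64 payload only,
    without the BEGIN/END lines and without line breaks.
    """
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    payload = "".join(match.group(1).split())
    der = base64.b64decode(payload, validate=True)  # raises on corrupt Base64
    return {
        "b64_len": len(payload),
        "der_len": len(der),
        "fits": len(payload) <= limit,
        # Characters past the limit, for comparison with the garbled
        # line the browser displays.
        "overflow_tail": payload[limit:],
    }


def make_constructed_pem(der_len):
    """Build a constructed PEM block of filler bytes (not a real certificate)."""
    body = base64.b64encode(bytes(i % 251 for i in range(der_len))).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"])


if __name__ == "__main__":
    # Constructed inputs sized like the two certificates on this page.
    for der_len in (1224, 1611):
        result = check_pem_size(make_constructed_pem(der_len))
        print(result["b64_len"], "fits" if result["fits"] else "TOO LARGE",
              len(result["overflow_tail"]))
```

If the site measures certificate size differently (for example including the header lines), pass the matching `limit` or adjust the payload extraction accordingly.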