Novell Identity Server login page not displayed with Internet Explorer 7

  • 3849578
  • 19-Feb-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Linux Novell Identity Server
Novell Access Management 3 Access Administration
Novell Access Management 3 Netware Access Gateway

Situation

A Novell Identity (IDP) Server and a Linux Access Gateway were installed and configured to talk HTTPS to the browser. Firefox browsers and Internet Explorer 6 (IE6) worked fine: the user was presented with the IDP login page and, after a successful authentication, the protected resource was displayed.

An Internet Explorer 7 (IE7) browser was then tested and the IDP login page was never displayed. Traces showed that the SSL handshake from the browser to the IDP server failed: after a full handshake, an SSL alert was sent and no subsequent partial handshake took place, something that always took place with IE6. Going directly to the IDP server from the same browser worked fine.

Resolution

Make sure that the trusted root certificate for the IDP server certificate is imported into the browser.

When IE7 detects a server certificate that is signed by an unrecognised source (our tests were using a Novell CA), it displays an error and a warning that the user must accept before continuing. By importing the trusted root certificate for the Novell CA, we bypass this check and get to the IDP login page. When this check is performed, however, it causes IE7 to fail in its SSL handshake to the back-end IDP server.

The problem occurred regardless of whether TLS 1 was enabled or not.
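
Before importing a root into the browser, it is worth confirming that it really is the issuer of the IDP server certificate. The script below is an added example, not part of the original Novell document; it assumes the openssl CLI (1.1.0 or later) and PEM exports of both certificates, and all file and function names in it are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: confirm a root CA is the real issuer of the IDP certificate
# before importing that root into a browser trust store.
# Assumes the openssl CLI (1.1.0 or later); all file names are hypothetical.

# root_trusts ROOT_PEM SERVER_PEM
# Succeeds only if SERVER_PEM verifies against ROOT_PEM. -no-CApath keeps
# the system trust directory out of the decision.
root_trusts() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# root_fingerprint ROOT_PEM
# Prints the SHA-256 fingerprint, to be compared out of band with the
# value supplied by the CA administrator.
root_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# make_constructed_pki DIR
# Builds throwaway, constructed test data in DIR: a CA, a server
# certificate it signed, and an unrelated CA that must NOT validate it.
make_constructed_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Unrelated CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=idp.example.test" \
        -keyout "$d/idp.key" -out "$d/idp.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/idp.csr" -days 1 -CAcreateserial \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -out "$d/idp.pem" 2>/dev/null
}

# Usage: script ROOT_PEM SERVER_PEM
if [ "$#" -eq 2 ]; then
    if root_trusts "$1" "$2"; then
        echo "OK: server certificate chains to this root"
        echo "SHA-256: $(root_fingerprint "$1")"
    else
        echo "FAIL: server certificate does not verify against this root" >&2
        exit 1
    fi
fi
```

Run it with the exported root and the IDP server certificate as arguments; import the root only when the check passes and the printed fingerprint matches the one obtained from the CA administrator.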