Environment
Novell Access Manager 3.2 Administration Console Server
Novell Access Manager 3.2 Access Gateway Appliance
Domain based multihomed setup
Novell Access Manager 3.2 Access Gateway Appliance
Domain based multihomed setup
Situation
After upgrading from Access Manager 3.1 to 3.2, administrator noticed that certificate warnings appeared frequently when accessing protected resources on the Access Gateway appliance. The typical message that would popup would display
"Warning: The selected certificate's subject does not contain 'CN=<$domain_name>'. The CN should either match exactly or have suitable wildcards.
This particular setup has a wildcard certificate with subject name *.novell.com, yet saw the issue hitting any protected resource assigned to a domain based multihomed setup dbmh.novell.com
"Warning: The selected certificate's subject does not contain 'CN=<$domain_name>'. The CN should either match exactly or have suitable wildcards.
This particular setup has a wildcard certificate with subject name *.novell.com, yet saw the issue hitting any protected resource assigned to a domain based multihomed setup dbmh.novell.com
Resolution
Ignore the warning for now. The 3.2 Admin Console checks whether an exact match of the certificate name assigned to the proxy service with the DNS name of that proxy service, and if a difference exists, the above error will be reported. The check is performed everytime the protected resource on the proxy service is accessed which is annoying for the Administrator.
Reported to engineering.
Reported to engineering.