Bad Gateway - The proxy server received an invalid response from an upstream server

  • 7009447
  • 29-Sep-2011
  • 26-Apr-2012

Environment

Novell Access Management 3.1
Novell Access Management 3.1 Support Pack 3 IR2 applied.
Novell Access Manager 3.1 Linux Access Gateway Service
 

Situation

The Linux Access Gateway Service had secure communication between the proxy and the back-end webserver.
The Web Server Trusted Root setting was set to Any in Reverse Proxy Truststore.
The trust chain of the certificate presented by the back-end webserver contained more than one certificate.
The /var/log/novell-apache2/error_log showed the following error message:
Verification: Certificate Chain too long (chain has 2 certificates, but maximum allowed are only 1

Resolution

Add the directive SSLProxyVerifyDepth 5 to the advanced options on the Access Gateway Service Server Configuration page.

The advanced options should then look like this:
#NAGGlobalOptions FlushUserCache=on
#NAGGlobalOptions DebugHeaders=on
#NAGGlobalOptions DebugFormFill=on
#NAGGlobalOptions NoURLNormalize=on
#NAGGlobalOptions AppendProviderID=on
#NAGAdditionalRewriterScheme webcal://
SSLProxyVerifyDepth 5

This has been reported to engineering; in a future release the default of 1 will be changed to a higher value.
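
To pick a depth from what the gateway actually rejected rather than a guess, the following added example (not Novell code) compares the active SSLProxyVerifyDepth in an advanced-options text with the longest chain reported in error_log. The function names and sample lines are constructed for illustration, and it assumes the count in the log message is the smallest depth that would have passed.

```shell
#!/bin/sh
# Added example, not part of the original article. Log lines and option
# text below are constructed samples in the format quoted in the article.

SAMPLE_LOG='[Thu Sep 29 10:15:02 2011] [error] Certificate Verification: Certificate Chain too long (chain has 2 certificates, but maximum allowed are only 1)
[Thu Sep 29 10:15:07 2011] [error] Certificate Verification: Certificate Chain too long (chain has 3 certificates, but maximum allowed are only 1)
[Thu Sep 29 10:16:40 2011] [notice] unrelated line'

SAMPLE_OPTIONS='#NAGGlobalOptions DebugHeaders=on
#SSLProxyVerifyDepth 9
SSLProxyVerifyDepth 5'

# Print the largest "chain has N certificates" value read from stdin,
# or 0 when no chain-too-long message is present.
max_rejected_chain() {
    sed -n 's/.*Certificate Chain too long (chain has \([0-9][0-9]*\) certificates.*/\1/p' |
        sort -n | tail -n 1 | { read -r n || n=0; echo "${n:-0}"; }
}

# Print the active (uncommented) SSLProxyVerifyDepth from an advanced-options
# text on stdin. Falls back to 1, the default stated in the article.
configured_depth() {
    awk 'tolower($1) == "sslproxyverifydepth" { d = $2 }
         END { print (d == "" ? 1 : d) }'
}

# Succeed when the configured depth covers the longest rejected chain.
# Assumption: the logged count is the minimum depth that would have passed.
# $1 = error_log text, $2 = advanced-options text
depth_covers_log() {
    need=$(printf '%s\n' "$1" | max_rejected_chain)
    have=$(printf '%s\n' "$2" | configured_depth)
    [ "$have" -ge "$need" ]
}

printf 'longest rejected chain: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | max_rejected_chain)"
printf 'configured depth:       %s\n' "$(printf '%s\n' "$SAMPLE_OPTIONS" | configured_depth)"
if depth_covers_log "$SAMPLE_LOG" "$SAMPLE_OPTIONS"; then
    echo 'configured depth covers every rejected chain'
else
    echo 'configured depth is still too low'
fi
```

On a gateway, feed the functions the contents of /var/log/novell-apache2/error_log and the advanced options text instead of the samples.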