Novell Access Management 3.1 Support Pack 3 IR2 applied.
The Web Server Trusted Root setting was set to Any in Reverse Proxy Truststore.
The trustchain of the presented certificate of the back-end webserver had more then 1 certificate.
The /var/log/novell-apache2/error_log showed the following error message:
Verification: Certificate Chain too long (chain has 2 certificates, but maximum allowed are only 1
Add the SSLProxyVerifyDepth 5 to the advanced options under the Access Gateway Service Server Configuration page.
See example below on how this should look like:
Reported to engineering and in future release the default of 1 will be changed to a higher value.