Environment
Novell Access Management 3.1 Support Pack 3 IR2 applied.
Novell Access Manager 3.1 Linux Access Gateway Service
Situation
The Linux Access Gateway Service had secure communication between the proxy and the back-end webserver.
The Web Server Trusted Root setting was set to Any in Reverse Proxy Truststore.
The /var/log/novell-apache2/error_log showed the following error message:
[Fri Sep 30 10:58:01 2011] [error] [client 10.77.16.42] Certificate Verification: Error (19): self signed certificate in certificate chain
[Fri Sep 30 10:58:01 2011] [debug] ssl_engine_kernel.c(1893): OpenSSL: Write: SSLv3 read server certificate B
[Fri Sep 30 10:58:01 2011] [debug] ssl_engine_kernel.c(1912): OpenSSL: Exit: error in SSLv3 read server certificate B
[Fri Sep 30 10:58:01 2011] [debug] ssl_engine_kernel.c(1912): OpenSSL: Exit: error in SSLv3 read server certificate B
[Fri Sep 30 10:58:01 2011] [info] [client 10.77.16.41] SSL Proxy connect failed
[Fri Sep 30 10:58:01 2011] [info] SSL Library Error: 336134278 error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Resolution
Make sure that the correct trusted root certificates are imported into the admin console.
The trusted root certificates should be stored into the Proxy Trust Store of the device that has secure communication setup to a back-end webserver.