Wrong keystore is used for x509 authentication

  • 7011604
  • 10-Jan-2013
  • 31-Jan-2013

Environment

NetIQ Access Management 3.1 SP4
NetIQ Access Management 3.1 IR1

Situation

Customer has the admin console and the idp on the same box and for some reason when x509 auth is done it uses the /opt/novell/jdk1.6.0_26/jre/lib/security/cacerts keystore rather then the truststore keystore.
Now when they upgrade and there is a newer cacerts file it breaks there x.509 authentication.

Resolution

Reported to engineering