Environment
Situation
Resolution
ADMIN CONSOLE : /opt/novell/nam/adminconsole/conf/server.xml
Change both the connectors at
the end of the file, see following examples:
<Connector
NIDP_Name="devman" port="8444" maxThreads="200"
minSpareThreads="5" enableLookups="false"
acceptCount="100" scheme="https" secure="true" disableUploadTimeout="true"
URIEncoding="utf-8" clientAuth="true"
sslProtocol="tls"
sslImplementationName="com.novell.socket.DevManSSLImplementation"
keystoreFile="/var/opt/novell/novlwww/devman.keystore"
keystorePass="EE0D4C4394C5B50F" SSLEnabled="true" address="$IP_ADDRESS"
/>^M
<Connector
NIDP_Name="connector" port="8443"
maxHttpHeaderSize="8192" maxThreads="200"
minSpareThreads="5" enableLookups="false"
disableUploadTimeout="true" acceptCount="0"
scheme="https" secure="true" clientAuth="false"
sslProtocol="tls" URIEncoding="UTF-8"
allowUnsafeLegacyRenegotiation="false"
keystoreFile="/var/opt/novell/novlwww/.keystore"
keystorePass="changeit" SSLEnabled="true"
address="$IP_ADDRESS" ciphers="SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" />
IDP : /opt/novell/ nam/idp/conf/server.xml
Change the last connector (
NIDP_Name=”connector”) to be similar to:
<Connector
NIDP_Name="connector" address="$IP_ADDRESS"
port="2443" maxThreads="600" minSpareThreads="5"
enableLookups="false" acceptCount="100"
scheme="https" secure="true" disableUploadTimeout="true"
URIEncoding="utf-8" sslProtocol="TLS"
clientAuth="false"
sslImplementationName="com.novell.nidp.common.util.net.server.NIDPSSLImplementation"
keystoreFile="/opt/novell/devman/jcc/certs/nam/nam.keystore"
keystorePass="changit" SSLEnabled="true" ciphers="SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA" />
Restart the appliance after
these changes.