
iChain and Origin Server SSL Certificates

Novell Cool Solutions: Tip
By Timothy Loveridge


Posted: 8 Nov 2006
 

Problem

I have a problem configuring iChain to communicate via SSL with the origin web server. I have configured the trusted root container, imported the origin web server's SSL certificate, and I specified the trusted root container in the ISO. Still, it is impossible to view the SSL web page from the origin web server. Is there anything I might have missed?

Solution

You don't want the origin server SSL certificate in the Trusted Roots Container; you want the CA certificate(s) that were used to sign the server certificate. (It's a Trusted Roots Container, not an SSL Certificate Container ...)

All iChain cares about is that the certificate the origin server presents was signed (issued) by one of the certificate authorities it has been told to trust. For example, if all your back-end servers are using SSL certificates that were signed by Verisign, you would only need to import the Verisign CA (and Intermediate CA) certificate(s) once, and iChain would be able to talk to any of them over SSL. Likewise, if you are using certificates issued by your eDirectory tree, you would just need to import the Organizational CA certificate from your tree into the Trusted Roots Container to enable iChain to talk to all servers.
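A pre-import check with the OpenSSL command line, added here as an example (it is not part of the original tip, and it exercises OpenSSL's chain validation rather than iChain itself): it reports whether a PEM file is a CA certificate and whether, used as the only trust anchor, it validates the origin server's certificate. The function names, file names, subject names and the throwaway CA it generates are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: decide which certificate belongs in a trust store such as
# the Trusted Roots Container. Every name and certificate here is constructed.

# True if the PEM certificate in $1 is a CA certificate (basicConstraints CA:TRUE).
is_ca_cert() {
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# True if server certificate $2 chains to $1 when $1 is the only trust anchor.
validates() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Build a constructed CA (ca.pem) and a server certificate it signs (srv.pem) in $1.
make_constructed_pki() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Organizational CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  echo 'basicConstraints=CA:FALSE' > "$1/srv.ext"
  {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
      -keyout "$1/ca.key" -out "$1/ca.pem" &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
      -subj '/CN=origin.example.test' -keyout "$1/srv.key" -out "$1/srv.csr" &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
      -CAcreateserial -days 1 -extfile "$1/srv.ext" -out "$1/srv.pem"
  } >/dev/null 2>&1
}

# Demo: try each file in turn as the only trusted certificate.
d=$(mktemp -d) && make_constructed_pki "$d"
for f in ca.pem srv.pem; do
  is_ca_cert "$d/$f" && kind="CA certificate" || kind="server (leaf) certificate"
  validates "$d/$f" "$d/srv.pem" && r="validates" || r="does NOT validate"
  echo "$f: $kind; as the trust anchor it $r srv.pem"
done
```

Against a real deployment, run `is_ca_cert` and `validates` on the exported CA file and the origin server's certificate before importing anything; when an intermediate CA is involved, the file passed as the trust anchor has to contain the whole CA chain.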

