13.2 Configuring Certificate Settings

Access Manager components and agents can access the keystore to retrieve certificates, keys, and trusted roots as needed.

Before you proceed with this section, make sure you have already created a certificate. For more information on creating certificates, see Security and Certificate ManagementNovell Access Manager 3.1 SP1 Administration Console Guide.

NOTE:Make sure that SSL VPN certificate names contain only alphanumeric characters, space, underscore (_), hyphen (-), the at symbol @, and the dot (.).

  1. In the Administration Console, select Devices > SSL VPN > Edit.

  2. Select SSL VPN Certificates from the Security settings section. The Certificates for SSL VPN page is displayed.

    Adding SSL VPN certificates

  3. Click SSL Cert. The Keystore: SSL VPN Secure Tunnel page is displayed.

    Adding certificate to SSL VPN STunnel

    Certificates in the SSL VPN STunnel are used by SSL VPN services for encryption. This page contains the following information:

    Keystore name: Specifies the name of the keystore to which the certificate belongs.

    Keystore type: Specifies the type of keystore. It can be Java, PEM, or PKCS12.

    Device: Specifies the IP address of the SSL VPN device.

    NOTE:Every imported SSL VPN device has a default certificate.

  4. To replace the default certificate, click Replace. The Replace dialog box is displayed.

    Replacing SSL VPN certificate

    Fill in the following fields:

    Certificates: Click the Select Certificate icon to browse and select the certificate that you want to associate with SSL VPN.

    Alias(es): You can provide an alternate name for the certificate you are importing.

  5. Click OK to save changes.

  6. To save your modifications, click OK, then click Update on the Configuration page.