NetIQ Access Manager Console cannot import / renew certificates since upgrading to NAM 3.2

  • 7012201
  • 25-Apr-2013
  • 25-Apr-2013

Environment


NetIQ Access Manager 3.2
NetIQ Access Manager Console Version 3.2

Situation

  • The certificate import / renew process returns a Java Exception Error:

    validateCertChain entry not present in web.xml. So validateCertChain is true. Certificate chain validation will be done java.security.cert.CertificateException

  • The certificate import / renew process works without any further problems using the same trust chain with Novell Access Manager 3.1.5


Resolution

  • Edit the "/opt/novell/nam/adminconsole/webapps/roma/WEB-INF/web.xml" configuration file (path on SLES) and add the following entry:
<env-entry>
    <env-entry-name>validateCertChain</env-entry-name>
    <env-entry-value>false</env-entry-value>
    <env-entry-type>java.lang.Boolean</env-entry-type>
</env-entry>

  • Restart your Access Manager Console (AC) so the change takes effect.
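
To audit which consoles run with this setting, the check below reports the effective validateCertChain value in a web.xml. It is an added example, not NetIQ code; the function name, the sample documents and the assumption that the container parses the value like Java's Boolean.valueOf are mine.

```python
import xml.etree.ElementTree as ET

ENTRY_NAME = "validateCertChain"

def _local(tag):
    """Drop a namespace prefix such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def chain_validation_setting(web_xml_text):
    """Return (enabled, source) for the validateCertChain env-entry.

    An absent entry means validation is on, as the console's log message says.
    """
    root = ET.fromstring(web_xml_text)
    for entry in root.iter():
        if _local(entry.tag) != "env-entry":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in entry}
        if fields.get("env-entry-name") == ENTRY_NAME:
            value = fields.get("env-entry-value", "")
            # Assumption: Boolean.valueOf semantics, only "true" (any case) is true.
            return (value.lower() == "true", "explicit")
    return (True, "default")

# Constructed samples, not taken from a real installation.
SAMPLE_DEFAULT = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <display-name>constructed sample</display-name>
</web-app>"""

SAMPLE_DISABLED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <env-entry>
    <env-entry-name>validateCertChain</env-entry-name>
    <env-entry-value>false</env-entry-value>
    <env-entry-type>java.lang.Boolean</env-entry-type>
  </env-entry>
</web-app>"""

if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("disabled", SAMPLE_DISABLED)):
        enabled, source = chain_validation_setting(text)
        state = "ON" if enabled else "OFF"
        print(f"{label}: chain validation {state} ({source})")
```

To check a real console, pass the function the contents of the web.xml named in the Resolution step.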

Cause

The import process runs a validation step that needs to verify the complete trust chain. NAM 3.2 introduced a new, stricter certificate validation process, which seems to cause problems. Setting validateCertChain to false turns this chain validation off.