If a user uses the test tool for a certificate authentication scheme, it will fail, even if it works normally (through a browser and the web server). In the authentication log, it appears that the test tool expects an attribute of the issuer DN to be represented differently than it actually appears in the DN. For example, the IssuerDN may use ST for state, when the test tool expects it to be S. The situation is similar for the other attributes listed in Certificate Attributes that Require Custom Mappings.
This situation occurs when the issuer DN and other attributes may differ according to the Web Server Vendor (and the test tool's expectations). For example, the issuer DN for a certificate on an IIS Web server is different from the issuer DN for the same certificate on a Netscape Web server.
To resolve this situation, an administrator should create mappings for the Issuer DNs, so that the Policy Sever can accept the IssuerDn from different web servers.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |