

Troubleshooting SSL Authentication Schemes

This section contains the following topics:

Overview

SSL Configuration

SSL Troubleshooting

Overview

Configuring the SSL Advanced Authentication Schemes requires Web Servers to be properly configured to use SSL. Most of the problems you may encounter when configuring Authentication Schemes over SSL connections are likely to be SSL configuration issues. Therefore, the first step in troubleshooting Authentication Schemes over SSL is to verify that SSL is properly configured and working. Perform this check without the interaction of the SiteMinder Web Agent so that the web server's SSL setup and the Web Agent can be analyzed individually.

Determine SSL Connection Ability

To determine whether you are able to establish an SSL connection:

  1. Disable the SiteMinder Web Agent protecting the realm for which you want to use an authentication scheme over SSL.

    Note: For information about disabling a Web Agent, see the Web Agent Configuration Guide.

  2. Using your browser, go to one of the following URLs (using a browser with a certificate):

    If this SSL connection is configured to require certificates, you will be prompted to select a certificate.

If you are unable to successfully establish this SSL connection, then see SSL Configuration for more information on configuring SSL. If you were able to establish this connection, but have not been successful in configuring SiteMinder, see SSL Troubleshooting.

SSL Configuration

It is imperative that SSL be configured and working properly before using SiteMinder. In order to make an SSL connection, you must be able to trust the certificate authority of an incoming certificate. For example, if a browser presents a certificate that was signed by VeriSign, you must have a VeriSign Certificate Authority installed and trusted in the Web Server. In addition to trusting client certificates that are presented, the server itself must have a certificate to present to the clients. The clients have to trust the Certificate Authority that issued the certificate. This allows for mutual authentication. Once these certificates have been installed, you can configure the Web Server to use SSL and require certificates, if desired.
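The browser check above can also be scripted so that the result shows which side of the mutual trust relationship is failing. The following is an added example, not part of the SiteMinder documentation; the function name, the stage labels, and the host, port and PEM file arguments are assumptions chosen for illustration.

```python
import socket
import ssl
import sys


def probe_ssl(host, port, ca_file=None, client_cert=None, client_key=None, timeout=5.0):
    """Try one SSL connection and report the stage at which it failed.

    ca_file     -- PEM bundle of CAs this client trusts (None = system store)
    client_cert -- PEM client certificate to present, with client_key
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Nothing is listening or the port is filtered: not an SSL problem yet.
        return {"ok": False, "stage": "tcp", "detail": str(exc)}
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # A TLS 1.3 server may refuse the client certificate only after the
            # handshake call returns, so send a request to surface that alert.
            tls.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            status = tls.recv(256).split(b"\r\n", 1)[0].decode("latin-1")
            return {"ok": True, "stage": "ok", "detail": f"{tls.version()} {status}"}
    except ssl.SSLCertVerificationError as exc:
        # The client rejected the server certificate: issuing CA not trusted,
        # certificate expired, or name mismatch.
        return {"ok": False, "stage": "server_cert", "detail": str(exc)}
    except (ssl.SSLError, OSError) as exc:
        # The server ended the exchange: it does not trust the client
        # certificate's CA, a required certificate was not presented, or the
        # port is not speaking SSL at all.
        return {"ok": False, "stage": "handshake", "detail": str(exc)}
    finally:
        raw.close()


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: probe.py HOST PORT [CA_PEM [CLIENT_CERT_PEM CLIENT_KEY_PEM]]")
    print(probe_ssl(sys.argv[1], int(sys.argv[2]), *sys.argv[3:6]))
```

A `server_cert` result points at the client's trust store, while a `handshake` result with a client certificate supplied points at the CA list trusted by the web server.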

For detailed SSL configuration information, see the documentation provided with your web server software. This section contains step-by-step instructions for configuring your Web Server and Web browser to successfully establish an SSL connection. If you have correctly configured SSL, but are still having problems making the connection, see the common problems at the end of the section.