Sunday, April 16, 2006

 

Simple Mode Cert Regeneration (Access)

When simple mode certificates are about to expire, they must be regenerated so that the components holding the old certificates can continue to communicate with other COREid components. The regeneration method differs between the COREid Access and Identity Systems. The Access Server, WebGate and AccessGate components each use the configuration tool relevant to their install. These are as follows:
Access Server
configureAAAServer reconfig "c:\Program Files\coreid\access"

WebGate
configureWebGate -i "c:\Program Files\coreid\WebComponent\access" -t WebGate -R

AccessGate
configureAccessGate -i "c:\Program Files\coreid\WebComponent\access" -t AccessGate -R

Restart the COREid component so that it binds to its TCP/IP port with the new certificate.
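
A post-regeneration check, added here as an example and not part of the original post or the COREid tooling: it lists the expiry date and thumbprint of every certificate found under each install directory, so a component that still holds the old certificate stands out. The function name `Get-SimpleCertStatus`, the 30-day warning window, and the use of `oblix\config\simple` under each install directory (the page shows that path only for the SDK) are assumptions.

```powershell
# Added example, not from the original post.
# Assumption: every install keeps its simple-mode PEM files under
# <install dir>\oblix\config\simple (the page shows this path for the SDK).
function Get-SimpleCertStatus {
    param(
        [Parameter(Mandatory = $true)][string[]]$InstallDir,
        [int]$WarnDays = 30   # constructed threshold
    )
    $now = Get-Date
    foreach ($dir in $InstallDir) {
        $certDir = Join-Path $dir 'oblix\config\simple'
        if (-not (Test-Path -LiteralPath $certDir)) {
            # A component with no cert directory was probably never configured.
            [pscustomobject]@{ Component = $dir; File = $null; NotAfter = $null
                               Thumbprint = $null; Status = 'NO_CERT_DIR' }
            continue
        }
        foreach ($f in Get-ChildItem -LiteralPath $certDir -Filter *.pem -File) {
            try {
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($f.FullName)
            } catch {
                # Key and request files are PEM too; report them instead of
                # skipping silently so an unreadable certificate is not missed.
                [pscustomobject]@{ Component = $dir; File = $f.Name; NotAfter = $null
                                   Thumbprint = $null; Status = 'NOT_A_CERT' }
                continue
            }
            if ($cert.NotAfter -lt $now) {
                $status = 'EXPIRED'
            } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
                $status = 'EXPIRING'
            } else {
                $status = 'OK'
            }
            [pscustomobject]@{ Component = $dir; File = $f.Name
                               NotAfter = $cert.NotAfter
                               Thumbprint = $cert.Thumbprint; Status = $status }
        }
    }
}

# Install directories as they appear in the commands above.
Get-SimpleCertStatus -InstallDir 'c:\Program Files\coreid\access',
    'c:\Program Files\coreid\WebComponent\access' | Format-Table -AutoSize
```

A row whose thumbprint or NotAfter differs from the others points at an install that was not regenerated or not copied over.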


See Also: Simple Mode Cert Regeneration (Identity)

Comments:
Don't forget to copy your simple cert that you created for the identity portion in the SDK portion as well:
\NetPoint\AccessServerSDK\oblix\config\simple

One thing to note: if you are using simple certs, you can use the same ones everywhere, for both access and identity.

If you do not update the SDK certs, anytime you call out a function from the development kit, it will fail as it cannot negotiate with the identity services.
 
Thanks for giving this instruction.

After regenerating the certificates under this instruction,

the new certificates are created and the services started, but I still could not access Access Manager and Identity Manager through the web GUI; the screen shows blank or just the title. The log shows the error is on simple mode authentication, but no details.

Did you experience the same problem and have you fixed it? Or how do I change the configuration to Open mode? (Reminder: I could not access the Access console through the web GUI.)

Waiting for your update.
 
The best I can guess from the information provided is that something in your cert regeneration process is incomplete. Is there more than one web component in your install and are you sure that you have touched all the components? Typically, this will include all webgates, accessgates, and webpasses. If possible, can you remove the webgate from the webserver protecting your Policy Manager (Access System Console) to see if your webpass is working?

There are ways to change the mode via the file system and directory on the webcomponents but it is easier to reconfigure things from the server components onwards unless you are very familiar with all the inner workings of the product.

Sorry, no quick fix. Best of luck.
 
If you end up with blank screens or errors after renewing your certs, then check the permissions of the certificates and on password.xml. I found on my Windows host that IIS could no longer read password.xml in the WebPass install.
 
What is the command to check the certificates' expirations?
 
Hi Ash... here is a post on that http://coreidng.blogspot.com/2006/03/certificate-expiration-dates.html

dave
 