IBM Support

Problems defining backend server certificate DN verification with WebSEAL

Question & Answer


Question

When defining a backend server certificate DN in WebSEAL, is the DN case sensitive?

Answer

Yes. When defining the DN, the case must match exactly what WebSEAL sees in the backend server's certificate. For example:


pdadmin sec_master> s t default-webseald-host1 create -h host2 -D "cn=Test-Only,OU=Tivoli Systems,O=IBM,C=US" /dn -f -t ssl -B -U "test" -W "test"
DPWWA1222E A third-party server is not responding. Possible causes: the server is down, there is a hung application on the server, or network problems. This is not a problem with the WebSEAL server.
DPWIV1218E Error in junctioned server DN verification.
DPWWM1472I The specified DN for the junctioned server certificate is incorrect.
The recorded DN should be "CN=Test-Only,OU=Tivoli Systems,O=IBM,C=US"
Created junction at /dn


pdadmin sec_master> s t default-webseald-host1 create -h host2 -D "CN=Test-Only,OU=Tivoli Systems,O=IBM,C=US" /dn -f -t ssl -B -U "test" -W "test"
Created junction at /dn

Note that the only difference between the two commands is CN versus cn in the DN definition.
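
The check described above can be scripted. The following is an added example, not IBM code: it extracts the recorded DN from the pdadmin messages shown on this page and reports whether the value given to -D differs only in letter case or in substance. The function names and the sample output string are assumptions constructed for illustration.

```python
import re

# Constructed sample: pdadmin output in the format shown on this page.
SAMPLE_OUTPUT = """\
DPWIV1218E Error in junctioned server DN verification.
DPWWM1472I The specified DN for the junctioned server certificate is incorrect.
The recorded DN should be "CN=Test-Only,OU=Tivoli Systems,O=IBM,C=US"
Created junction at /dn
"""

RECORDED_RE = re.compile(r'The recorded DN should be "([^"]*)"')


def recorded_dn(output):
    """Return the DN WebSEAL reports for the backend certificate, or None."""
    match = RECORDED_RE.search(output)
    return match.group(1) if match else None


def split_rdns(dn):
    """Split a DN into (type, value) pairs on commas not preceded by a backslash.
    Simplification: multi-valued RDNs and quoted values are not handled."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr, value))
    return rdns


def classify(configured, recorded):
    """'match', 'case-only' (same DN apart from letter case) or 'different'."""
    if configured == recorded:
        return "match"
    a, b = split_rdns(configured), split_rdns(recorded)
    same_ignoring_case = len(a) == len(b) and all(
        x[0].lower() == y[0].lower() and x[1].lower() == y[1].lower()
        for x, y in zip(a, b)
    )
    return "case-only" if same_ignoring_case else "different"


def differing_rdns(configured, recorded):
    """List (position, configured RDN, recorded RDN) for each RDN that differs."""
    pairs = zip(split_rdns(configured), split_rdns(recorded))
    return [(i, x, y) for i, (x, y) in enumerate(pairs) if x != y]


if __name__ == "__main__":
    configured = "cn=Test-Only,OU=Tivoli Systems,O=IBM,C=US"  # value passed to -D
    recorded = recorded_dn(SAMPLE_OUTPUT)
    print(classify(configured, recorded), differing_rdns(configured, recorded))
```

A "case-only" result corresponds to the situation on this page; a "different" result means the backend presented a certificate with another subject, which should be confirmed as the intended server before the -D value is changed.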


Document Information

Modified date:
16 June 2018

UID

swg21284366