
Connection between NW 740 Portal & WebSEAL (TAM) broken


In our scenario, end users log in to the Portal through WebSEAL (Tivoli Access Manager), where the portal is defined as one of the junctions.

The UME for the Portal is LDAP.

Recently we upgraded the portal from NW 702 to NW 740; since then, the connection through WebSEAL to the portal has stopped working.

It simply throws the error "Third Party Server not responding", and no logs are written on the WebSEAL side, as there is no connection with the portal.

Communication between the two goes through certificates:

In NW 702:

The TAM certificate was exported in the path VA => Keystore -> TrustedCAs.

The Portal certificate under VA => Service_ssl was updated in TAM.

(This certificate was generated with the same name as defined under VA => SSL Provider => runtime => Dispatcher xx => Serveridentity.)

In NW 740, these paths have somehow changed, and ICM came into the picture. (I am missing the concept here.)

WebSeal Admin says:

WebSEAL verifies a back-end server certificate according to the standard SSL protocol. The back-end server sends its server certificate to WebSEAL. WebSEAL validates the server certificate against a pre-defined list of root Certificate Authority (CA) certificates.

 

The Certificate Authority (CA) certificates that form the trust chain for the application server certificate (from the signing CA up to and including the root certificate) must be included in the key database in use by WebSEAL.

 

You use the iKeyman utility to create and manage the database of root CA certificates.

Below are the ICM parameters defined in the instance profile:

icm/HTTP/ASJava/disable_url_session_tracking = TRUE

icm/HTTPS/client_certificate_header_name = SSL_CLIENT_CERT

icm/HTTPS/client_certificate_chain_header_prefix = SSL_CLIENT_CERT_CHAIN_

icm/keep_alive_timeout = 300

icm/HTTPS/client_cipher_suite_header_name = SSL_CIPHER_SUITE

icm/HTTPS/client_key_size_header_name = SSL_CIPHER_USEKEYSIZE

icm/server_port_0 = PROT=IIOP, PORT=50007

icm/server_port_1 = PROT=TELNET, PORT=50008, HOST=localhost

icm/server_port_2 = PROT=IIOPSEC, PORT=50003, SSLCONFIG=ssl_config_2

icm/ssl_config_2 = VCLIENT=1, CRED=/usr/sap/QXP/J00/sec/SAPSSLS.pse

icm/server_port_3 = PROT=P4, PORT=50004

icm/server_port_4 = PROT=P4SEC, PORT=50006, SSLCONFIG=ssl_config_4

icm/ssl_config_4 = VCLIENT=1, CRED=/usr/sap/QXP/J00/sec/SAPSSLS.pse

icm/server_port_5 = PROT=HTTPS, PORT=1443, TIMEOUT=60, PROCTIMEOUT=600, SSLCONFIG=ssl_config_5

icm/ssl_config_5 = VCLIENT=1, CRED=/usr/sap/QXP/J00/sec/SAPSSLS.pse

icm/server_port_6 = PROT=HTTP, PORT=50000, TIMEOUT=60, PROCTIMEOUT=600

The Portal HTTPS port is 1443. With this port we are also experiencing strange behaviour when accessing the portal directly: for a few users it opens from Firefox without any issue, but a few users get the error "Secure Connection Failed", and from IE no one is able to open the portal page on HTTPS port 1443, with either the host name or the IP.

 

 

I expect we are missing something with HTTPS, ICM, or certificates since we moved to NW 740.

There will not be an issue with WebSEAL, as no changes occurred on their side.

Any help on this is well appreciated. Thanks in advance.
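
The profile in the post ties each TLS port to a PSE file through its SSLCONFIG reference, and the PSE named by CRED holds the server credential that port presents to a client such as WebSEAL. As an added example (not part of the original post and not SAP tooling), the Python code below parses those parameters and reports the PSE behind each port; the function names and the `dangling` flag are assumptions made for illustration.

```python
import re

# ICM parameters copied from the post (TLS-relevant subset plus the plain HTTP port).
PROFILE = """\
icm/server_port_2 = PROT=IIOPSEC, PORT=50003, SSLCONFIG=ssl_config_2
icm/ssl_config_2 = VCLIENT=1, CRED=/usr/sap/QXP/J00/sec/SAPSSLS.pse
icm/server_port_5 = PROT=HTTPS, PORT=1443, TIMEOUT=60, PROCTIMEOUT=600, SSLCONFIG=ssl_config_5
icm/ssl_config_5 = VCLIENT=1, CRED=/usr/sap/QXP/J00/sec/SAPSSLS.pse
icm/server_port_6 = PROT=HTTP, PORT=50000, TIMEOUT=60, PROCTIMEOUT=600
"""

PARAM = re.compile(r"^icm/(server_port|ssl_config)_(\d+)\s*=\s*(.+)$")

def parse_options(value):
    """Split 'KEY=VAL, KEY=VAL' into a dict with upper-cased keys."""
    opts = {}
    for part in value.split(","):
        key, sep, val = part.partition("=")
        if sep:
            opts[key.strip().upper()] = val.strip()
    return opts

def resolve_ports(profile_text):
    """Return one record per icm/server_port_N with its resolved TLS settings."""
    ports, ssl_configs = {}, {}
    for line in profile_text.splitlines():
        m = PARAM.match(line.strip())
        if not m:
            continue  # comments, blank lines, unrelated parameters
        kind, idx, value = m.groups()
        if kind == "server_port":
            ports[int(idx)] = parse_options(value)
        else:
            ssl_configs["ssl_config_" + idx] = parse_options(value)
    records = []
    for idx in sorted(ports):
        opts = ports[idx]
        ref = opts.get("SSLCONFIG")
        cfg = ssl_configs.get(ref, {}) if ref else {}
        records.append({
            "index": idx, "prot": opts.get("PROT"), "port": opts.get("PORT"),
            "ssl_config": ref, "cred": cfg.get("CRED"), "vclient": cfg.get("VCLIENT"),
            # SSLCONFIG names a block that the profile never defines
            "dangling": ref is not None and ref not in ssl_configs,
        })
    return records

if __name__ == "__main__":
    for rec in resolve_ports(PROFILE):
        print(rec)
```

For port 1443 the record points at /usr/sap/QXP/J00/sec/SAPSSLS.pse, so that PSE's certificate and its issuing chain are what the WebSEAL key database has to cover.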

 

