SSL in AM/OpenAM and Policy Agents

This book provides information on SSL in AM/OpenAM and policy agents, including connections and certificates.

Table of Contents

  • 1 Installation and Configuration
    • 1.1 How do I enable SSL in AM/OpenAM (All versions) post-install?
    • 1.2 How do I enable SSL in AM/OpenAM (All versions) for an existing installation?
    • 1.3 How do I make AM/OpenAM (All versions) communicate with a secured LDAP server?
    • 1.4 How do I import a certificate into the truststore used by AM/OpenAM (All versions) for SSL?
    • 1.5 How do I configure AM/OpenAM (All versions) to check the HTTP header for the user certificate?
  • 2 SSL Offloading
    • 2.1 How do I configure a Web Policy Agent (All versions) for SSL offloading?
    • 2.2 How do I configure a Java Policy Agent (All versions) for SSL offloading?
    • 2.3 How do I configure SSL offloading at the Policy Agent (All versions) for virtual hosts?
  • 3 Frequently Asked Questions
    • 3.1 FAQ: SSL/TLS secured connections in AM/OpenAM and Policy Agents
    • 3.2 FAQ: SSL certificate management in AM/OpenAM and Policy Agents
  • 4 Known Issues
    • 4.1 AM 5.x and 6.0.0.x, IDM 6.x and Rest2LDAP cannot connect to DS 5.x or 6 after restricting DS cipher suites or Java upgrade
    • 4.2 LDAP connection fails with No subject alternative DNS name matching error in AM 5.1.x, 6.x and DS 5.5.1, 5.5.2, 6.x
    • 4.3 SSLHandshakeException or ClassCastException when using an HSM and Java 11 with ForgeRock products
    • 4.4 AM/OpenAM (All versions) redirects to HTTP when deployed on Apache Tomcat with a load balancer doing SSL/TLS offloading
    • 4.5 AM/OpenAM (All versions) fails to connect to DS/OpenDJ using a secured connection with an ERROR: Connection factory became offline
    • 4.6 Apache Web Agent (All versions) repeatedly reports failed to load OPENSSL_init_ssl errors
    • 4.7 Policy Agents and AM/OpenAM (All versions) fail to install on IBM WebSphere when SSL is enabled
    • 4.8 Installing a Web Agent (All versions) fails with a no ssl/library support error
    • 4.9 Schannel communications fail in Web Agents 4.1, 4.2 and 5.x running on Microsoft Windows 2008 R2 or 2012 with TLS 1.2 enabled