Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-256

Could not find a way to use a client certificate file with IIS

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Not a defect
    • Affects Version/s: 4.1.0
    • Fix Version/s: None
    • Component/s: Web Agents
    • Labels:
    • Environment:
      Windows 2012 IIS RC 5

      Description

      I could not get the Windows Native SSL working with IIS for .pfx certificates

      Steps to recreate
      1) Copy the client certificate in pfx format into a folder
      2) agentadmin --k (from dos prompt) to generate an encryption key
      3) agentadmin --p key password"
      4) Set the following fields in config
      com.forgerock.agents.config.cert.file = C:\Certificates\amqa-clone82-client.pfx
      com.forgerock.agents.config.cert.key = M2E5ZDFhNDYtMTMwYi0wMg==
      com.forgerock.agents.config.cert.key.password = KO8MJkSYPHY=
      com.sun.identity.agents.config.trust.server.certs = false
      Restart IIS server
      Agent config fails to get loaded properly and logs stop at the following point

      2016-11-08 14:59:04.838 +0000   DEBUG [3700:3272][source/config_file.c:336] am_get_config_file() com.forgerock.agents.init.retry.max is set to '0'
      2016-11-08 14:59:04.838 +0000   DEBUG [3700:3272][source/config_file.c:336] am_get_config_file() com.forgerock.agents.init.retry.wait is set to '0'
      2016-11-08 14:59:04.838 +0000   DEBUG [3700:3272][source/config_file.c:336] am_get_config_file() com.sun.identity.agents.config.load.balancer.enable is set to '0'
      2016-11-08 14:59:04.838 +0000   DEBUG [3700:3272][source/config_file.c:336] am_get_config_file() com.sun.identity.agents.config.local.log.size is set to '0'
      2016-11-08 14:59:04.838 +0000   DEBUG [3700:3272][source/config_file.c:336] am_get_config_file() com.sun.identity.agents.config.notification.enable is set to '1'
      2016-11-08 14:59:04.838 +0000   DEBUG [3700:3272][source/config_file.c:336] am_get_config_file() com.sun.identity.agents.config.trust.server.certs is set to '0'
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                chris.lee Chris Lee
                Reporter:
                edward.barker edwardb
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: