Hi,

We recently reinstalled Certificate server on all our servers and moved the tree CA from the Bordermanager server to another server (the Master of Root which now holds the CA). This worked fine and portal services and rconj all use certificates etc. But I find that SSL authentication only works on some machines.

The difference seems to be that when the Security Alert box comes up, those machines that do work have a tick for the 3rd line, "The security certificate has a valid name matching the name of the page you are trying to view", whereas those that don't work say "The name on the security certificate is invalid or does not match the name on the site".

By looking at the certificate details the only significant difference I can see is that on the working machines the Subject line says:

"Subject: SLOCUK_TREE, 10.38.1.161"
[i.e. the Name of the tree and the IP address of the Brdmngr server],


whereas the not working machines say:

"Subject: SLOCUK_TREE, NWBHOGP01.uk.sunlife"
[i.e. the tree and the dns name of the Brdmgr server]

I do recall when I originally set up the old CA and SSL that there was an entry that was supposed to be the IP address of the Brdmgr server and not the DNS name, because it cut down on informational security messages, but there didn't seem to be anything like that when I recreated.

We are using Brdmgr 3.7.0, Nici 2.0.1, NW6 SP3. The authentication Key ID in the Authentication part of the Brdmgr setup is "SSL CertificateIP", though I don't remember if that's the certificate for the Brdmgr server or the main Master of Root server which holds the CA.

The Brdmgr server holds a RW replica of the container where the server resides.

Any help gratefully received,


Steve Law