I am trying to setup ssl proxy authentication and need some assistance in
varifying the steps it takes to get this going.

Question 1:

To proxy's ssl authentication, I understand it that I'd be using the
public certificate of the bordermanager server. Is this correct? Do the
users need to have a copy of the trusted root certificate?

Question 2:

Should I point bordermanager's key id setting to SSLCertificateIP or
SSLCertificateDNS. Or should I build a 3rd, kmo, and modify it according
to http://support.novell.com/cgi-bin/se.../10014043.htm?

Question 2:

Do I need to export the public certificate of the proxy server to a der
file and place it in sys:\etc\proxy\data and the add the following string
to the proxy.cfg file "Content-Type: application/x-x509-ca-cert=der." I
came along this in tid 10014042.

Question 3:

Are there any other steps that will have to be taken to get the ssl
session working without prompts or mismatches that you can think of?

Question 4:

How do you recommend I push the certificate out to 2k users? I'd like to
have an automated way of doing this (instead of having them import it
themselves)?