Long story short:

Configured as an IDP to a third-party IIS/.NET App that is an SP.

We had the SAML stuff working (imported the trusted root, added to OCSP and whatever keystore for the NAM IDS), imported metadata file from SP, voila.

Now we need to change the setup a bit and front-end the origin web server (SP) with the NAM AG. We are also using a different published DNS name vs. the actual server name (we've done this before, but with a different company who knew what they were doing).


Origin server = server12345asb.company.com =

Publish this in NAM AG as: app-prod.company.com =

OK, so they have the SSL cert re-done on the origin web server so that it thinks its name is:

They re-generate the metadata.xml file

I go into NAM, import the new Trusted root.

When I go to the SAML config and click "reimport" for the metadata file and copy/paste the contents in, I get this error in NAM:

The XML is malformed.
Could not parse certificate: java.io.IOException: Incomplete BER/DER data
Any ideas?
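
Added example, not part of the original post: a Python check that pulls each `ds:X509Certificate` value out of a SAML metadata file, base64-decodes it, and compares the length declared in the outer DER header with the bytes actually present, which is the condition a DER parser reports as incomplete data. The metadata wrapper, the placeholder DER blob and the function names are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def der_length_status(der: bytes) -> str:
    """Compare the outer DER SEQUENCE length header with the bytes present."""
    if len(der) < 2 or der[0] != 0x30:
        return "not a DER SEQUENCE"
    if der[1] < 0x80:                      # short form: length in one byte
        header, body = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return "incomplete length header"
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    declared = header + body
    if len(der) < declared:
        return f"incomplete: {len(der)} of {declared} bytes"
    if len(der) > declared:
        return f"trailing data: {len(der) - declared} extra bytes"
    return "complete"

def check_metadata_certs(metadata_xml: str) -> list:
    """Return one status string per ds:X509Certificate element in the metadata."""
    results = []
    for el in ET.fromstring(metadata_xml).iter(DS + "X509Certificate"):
        b64 = "".join((el.text or "").split())   # drop line breaks and indentation
        try:
            der = base64.b64decode(b64, validate=True)
        except binascii.Error as exc:
            results.append(f"bad base64: {exc}")
            continue
        results.append(der_length_status(der))
    return results

def sample_metadata(cert_b64: str) -> str:
    """Constructed, minimal SP metadata wrapping the given base64 text."""
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test">'
            '<md:SPSSODescriptor><md:KeyDescriptor><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{cert_b64}</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:SPSSODescriptor>'
            '</md:EntityDescriptor>')

if __name__ == "__main__":
    # Constructed placeholder blob with a valid outer length, not a real certificate.
    b64 = base64.b64encode(b"\x30\x82\x01\x2c" + bytes(300)).decode()
    print(check_metadata_certs(sample_metadata(b64)))        # intact value
    print(check_metadata_certs(sample_metadata(b64[:200])))  # value cut short
```

Running `check_metadata_certs` on the file as exported and again on the text as pasted shows whether the certificate value changed between the two.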