By default imonitor uses the (default) SSL CertificateDNS certificate. I'd like
to use a custom certificate for HTTP instead. This should be configurable by
modifying the HTTP Server Object (with iManager or directly with ldap), by
putting the cn of the desired certificate into the httpKeyMaterialObject attribute.

see: edirectory administration guide:
https://www.netiq.com/documentation/....html#b1h7wnjx

unfortunately it is ignored by edirectory.

if i delete 'cn=SSL CertificateDNS - <myserver>' altogether i can no longer connect
to the server, regardless that the http-object is specifying another certificate.

release notes of edirectory 9.0.4 speak of

'..
SSL CertificateDNS Is Not Always Used for httpkeymaterialobject Attribute of the HTTP Server Object#

Issue: SSL Certificate DNS is used as a default certificate for the httpkeymaterialobject attribute of the HTTP server object. However, this certificate is not always selected for the httpkeymaterialobject attribute of the HTTP server object during eDirectory installation.

Fix: This release resolves this issue. This certificate is automatically selected for the httpkeymaterialobject attribute during eDirectory installation.
..'
see: https://www.netiq.com/documentation/....html#b1jh5zfz

might be related ..?

anyone knows of such an issue pre 9.0.4 or how to get it working?


thanks in advance, florian