114 Novell Access Manager 3.1 SP1 Administration Console Guidenovdocx (en) 19 February 2010B.5 When a User Accesses a Resource, theBrowser Displays Certificate ErrorsWhen you configure the Identity Server to use SSL (the HTTPS protocol), the browser must beconfigured to trust the CA that created the certificate for the Identity Server. If you use a well-knownCA, the browser is usually already configured to trust certificates from the CA. If you use a less-known CA or the Access Manager CA to create the certificate, you need to import the public key ofthe trusted root certificate into the browsers to establish the trust. For the Access Manager CA, thiscertificate is called configCA.For instructions on how to export the public key of a trusted root certificate, see “Exporting a PublicCertificate” on page 59.To import a public key into the browser, access the certificate options, then follow the prompts: For Internet Explorer 7, click Tools > Internet Options > Content > Certificates > Trusted RootCertification Authorities > Import. For Firefox 2, click Tools > Options > Advanced > Encryption > View Certificates > Authorities> Import.B.6 Access Gateway Canceled CertificateModificationsAn Access Gateway has the following issue when canceling changes to certificate modifications:If you make certificate changes on the Reverse Proxy or the Web Servers page, click theConfiguration Panel link, and then cancel the changes on the Configuration page, the Reverse Proxyis configured with an invalid certificate.To correct the problem, return to the page and select the old certificate. As soon as you exit the page,the certificate is pushed to the device. Because you did not change the certificate, you do not need torestart the Embedded Service Provider.B.7 A Device Reports Certificate ErrorsAfter you restore a device, especially the Administration Console, the device might report certificateerrors. To fix these errors, you need to re-push the certificates from the Administration Console tothe device:1 Click Auditing > Troubleshooting > Certificates.2 Select the store that is reporting errors, then click Re-push certificates.You can select multiple stores at the same time.3 (Optional) To verify that the re-push of the certificates was successful, click Security >Command Status.