Access Manager creates the following keystores for each Access Gateway or cluster:
Signing: Contains the certificate that is used for signing logout requests from Access Gateway/ESP to Identity Server.
Encryption: Contains the certificate that is used to encrypt specific fields or data in assertions.
ESP Mutual SSL: Contains the certificate that is used for SSL when you have established SSL communication between Access Gateway and Identity Server. Identity Server and ESP communicates using mutual authentication. The public key (trusted root) of the certificate authority that created the certificate needs to be in Identity Server’s trust store.
Proxy Key Store: Contains the certificate that is used for SSL when you have enabled SSL between a reverse proxy and the browsers. The public key (trusted root) of the certificate authority that created the certificate needs to be in browser’s trust store for the SSL connection to work without warnings. If you create multiple reverse proxies and enable them for SSL, each reverse proxy needs a certificate, and the subject name of the certificate needs to match the DNS name of the reverse proxy.
This keystore does not use the default location: /opt/novell/apache2/certs