When SSL is used with the provided IBM® SOA Policy Gateway Patterns, the DN host verification is more strict than the default WebSphere® Application Server security.
DN host verification is not enabled in WebSphere Application Server by default.
However, in the script packages used by the IBM SOA
Policy Gateway Patterns,
DN host verification is turned on and can not disabled. A very specific
certificate that works between the default WebSphere Application Server and DataPower® might not work for
the SOA Policy Gateway 2.0.0.0 - Security
script package or
the SOA Policy Gateway 2.0.0.0 - Sample
script package used
with the IBM SOA
Policy Gateway Pattern;
for example, a DN of myserver.yourcompany.com might
be accepted by the WebSphere Application
Server defaults, but not by the script packages. To add or remove
the DataPower certificates
used with the deployment, see Removing or Adding DataPower Certificates to the WSRR Truststore.