For the One Identity Manager Password Capture Agent, the main certificate requirement in a normal setup is that the Web Server certificate be available for validation in the certificate store on the Domain Controllers. The .NET methods verify certificates strictly, so the certificate host name must match the Web Server host name exactly.
Furthermore, the environment (domain Group Policy Objects and/or IIS settings) could limit the following with regard to certificates:
- Certificate signing algorithms
- Certificate hashing mechanisms
- Encryption protocols
- Key exchange algorithms
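
One way to check these points from a Domain Controller is the PowerShell sketch below. It is an added example, not One Identity code. The function name Test-WebServerCertificate, the host name webserver.example.com and port 443 are assumptions to replace with the values the agent is configured with.

```powershell
# Added diagnostic sketch: run on a Domain Controller against the Web Server.
# It performs a TLS handshake with the .NET SslStream class and reports what
# .NET's own validation concluded, plus the negotiated algorithms.
function Test-WebServerCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,  # exact host name the agent uses (placeholder below)
        [int]$Port = 443                          # assumed HTTPS port
    )
    $script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
    # Record the validation result. The handshake is accepted only so the
    # details can be read; no application data is sent over this connection.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $script:policyErrors = $sslPolicyErrors
        return $true
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $nameFlag  = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
            $chainFlag = [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors
            [pscustomobject]@{
                HostName           = $HostName
                Subject            = $cert.Subject
                NotAfter           = $cert.NotAfter
                # False: certificate host name does not match $HostName
                NameMatches        = -not $script:policyErrors.HasFlag($nameFlag)
                # False: chain could not be validated from this machine's certificate store
                ChainTrusted       = -not $script:policyErrors.HasFlag($chainFlag)
                SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
                Protocol           = $ssl.SslProtocol
                Cipher             = $ssl.CipherAlgorithm
                Hash               = $ssl.HashAlgorithm
                KeyExchange        = $ssl.KeyExchangeAlgorithm
            }
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

# Placeholder host name: use the name the agent is configured to contact.
Test-WebServerCertificate -HostName 'webserver.example.com'
```

If AuthenticateAsClient throws before any result is returned, the two sides failed to agree on a protocol or algorithm, which points toward the policy or IIS restrictions listed above rather than the certificate itself.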