Fix Certificate Problems In Open Enterprise Server Caused By Updating Java2

By Aaron Gresko

Posted: 30 Jun 2005

Open Enterprise Server has an issue with Java2 updates and the cacerts keystore used by various Novell services to authenticate secure LDAP. If you've installed patch-9788 or patch-10258 then you probably have this problem. The problem is only an issue for systems with VirtualOffice and/or iManager installed and configured.

Identifying the Problem

Use the keytool utility to see if the system has the problem. Do the following:

  1. Open a terminal and su to root.
  2. Enter the following command:
    /opt/novell/lib/java2/jre/bin/keytool -list -keystore /opt/novell/lib/java2/jre/lib/security/cacerts -storepass changeit | grep sscert
    On a correctly configured system running both VirtualOffice and iManager, the output should show an entry for each service named with the treename (e.g. vo_treename_sscert, imananger_treename_sscert). These entries are for the eDirectory root certificate.
  3. Enter the following command, substituting the hostname of the system for hostname:
    /opt/novell/lib/java2/jre/bin/keytool -list -keystore /opt/novell/lib/java2/jre/lib/security/cacerts -storepass changeit | grep 'hostname'
    On a correctly configured system, the output should show an entry for the hostname of the system. This entry is for the server certificate.
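
The two checks above can be combined into one script that reports which entries are missing. This is an added example, not part of the original article or of any Novell tooling; the function names, the script name check_cacerts.sh and the sample listings (tree "exampletree", host "oes1") are constructed for illustration.

```shell
#!/bin/sh
# Added example; paths and store password are the ones shown on the page.
KEYTOOL=/opt/novell/lib/java2/jre/bin/keytool
CACERTS=/opt/novell/lib/java2/jre/lib/security/cacerts

# Constructed sample listings; all aliases, dates and fingerprints are made up.
sample_good() { cat <<'EOF'
Your keystore contains 2 entries

vo_exampletree_sscert, Jun 1, 2005, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01
oes1, Jun 1, 2005, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02
EOF
}
sample_overwritten() { cat <<'EOF'
Your keystore contains 1 entry

examplepublicca, Jun 1, 2005, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:03
EOF
}

# Print one lower-cased alias per entry line of `keytool -list` output (stdin).
# Only entry lines are used, so fingerprint lines can never cause a false match.
list_aliases() { awk -F, '/Entry/ { print tolower($1) }'; }

# check_listing HOSTNAME < listing
# Returns 0 only if an *_sscert alias and an alias containing HOSTNAME exist.
check_listing() {
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    aliases=$(list_aliases)
    status=0
    if printf '%s\n' "$aliases" | grep -q 'sscert$'; then
        printf '%s\n' "$aliases" | grep 'sscert$' | sed 's/^/found root cert entry: /'
    else
        echo "MISSING: no *_sscert entry (eDirectory root certificate)"; status=1
    fi
    if printf '%s\n' "$aliases" | grep -qF -- "$host"; then
        echo "found server cert entry matching: $host"
    else
        echo "MISSING: no entry for $host (server certificate)"; status=1
    fi
    return $status
}

# On the server, as root: sh check_cacerts.sh --live
if [ "${1:-}" = "--live" ]; then
    "$KEYTOOL" -list -keystore "$CACERTS" -storepass changeit | check_listing "$(hostname)"
fi
```

A non-zero exit status means at least one of the two entries is absent, which is the state the Java2 patches leave behind.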

If the system doesn't have the above entries, then services like VirtualOffice will give an error when accessed (i.e. http://ipaddressofserver/vo will throw a javax error). iManager plugins like NetStorage give authentication errors when accessed, as shown below.

Problem Cause and Resolution

The cause of the problem is that the Java2 and Java2-jre packages overwrite the cacerts keystore. Open Enterprise Server services add the certificates for eDirectory and the server to the keystore during their configuration, so overwriting the keystore removes those certificates.

In the future, OES services dependent on the keystore will copy the keystore to an alternate location and then add the necessary certificates. In the meantime, the problem can be avoided if the system has not yet been patched, or fixed if one or both of the Java patches have already been applied.

Avoiding the problem and fixing it are both addressed in this Novell Support Knowledgebase TID.

After following the instructions in the TID, check that the web services are working correctly by accessing https://ipaddressofserver/vo and clicking on the NetStorage options in iManager. A working iManager is shown below.

