Configuring LDAPS connection for iManager on Sun Solaris or Linux

(Last modified: 07May2004)

This document (10090460) is provided subject to the disclaimer at the end of this document.

fact

Novell iManager 2.0.1

Novell iManager 2.0.2

Novell exteNd Director 4.1 Standard Edition

Novell exteNd Director 4.1 Standard Edition Service Pack 1

Novell eDirectory 8.7.1

Novell eDirectory 8.7.3

Linux

RedHat Linux 7.3

RedHat Linux 8

RedHat Linux 2.1 AS

RedHat Linux 3 AS

SuSE Enterprise Server 8

Sun Solaris 9

Sun Solaris 8

symptom

Configuring LDAPS connection for iManager on Sun Solaris or Linux

Configuring LDAPS connection for exteNd Director 4.1 Standard Edition on Sun Solaris or Linux

Error: "<entry src="Rendering IO Error:"><![CDATA[javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Could not find trusted certificate"

Configuring LDAPS connection for DEX

cause

Novell iManager was installed using cleartext connection to LDAP

Novell exteNd Director 4.1 Standard Edition was installed using cleartext connection to LDAP

The certificate that the LDAP server was configured to use was not exported and imported into Java's keystore.

fix

Do the following to enable LDAPS communication to the LDAP server.

Export the certificate:
1. Use ConsoleOne
2. Select properties on "CertificateDNS - <servername>"
3. Go to "Certificates"
4. Select "Public Key Certificate"
5. Click on [Export]
6. Do you want to export the private key with the certificate: No
7. Click on [Next]
8.a. File in Base 64 format
8.b. Optionally, change the filename to one without any spaces
9. Click on [Next]
10. Click on [Finish]
11. Copy the certificate file to the server, using a secure method like scp (Secure Copy).

Import the certificate into Java's keystore
1. If it exists, make a copy of the keystore: # cp <JAVA_HOME>/jre/lib/security/cacerts <JAVA_HOME>/jre/lib/security/cacerts.orig
2. If it exists, copy the existing keystore to the working directory: # cp <JAVA_HOME>/jre/lib/security/cacerts .
3. Import the certificate into the keystore
3.a. # keytool -import -file <certificate file>.b64 -keystore cacerts
3.b. Password: changeit
3.c. Trust this certificate: yes
4. Copy cacerts to /usr/java/jre/lib/security: # cp cacerts <JAVA_HOME>/jre/lib/security

If iManager or DEX was installed using cleartext LDAP communication, modify PortalServlet.Properties
1. Edit <TOMCAT_HOME>/webapps/nps/WEB-INF/PortalServlet.Properties, using vi or another editor
2. Change
   System.DirectoryAddress=<ipaddress or '127.0.0.1'>\:389
   to
   System.DirectoryAddress=<ipaddress or '127.0.0.1'>\:636
3. Save the file

Restart Tomcat
1. # <TOMCAT_HOME>/bin/catalina.sh stop
1.a. or # <TOMCAT_HOME>/bin/shutdown.sh
2. # <TOMCAT_HOME>/bin/catalina.sh start
2.a. or # <TOMCAT_HOME>/bin/startup.sh

Test it
1. For iManager use the following URL: http://<ipaddress or dnsname>/nps/iManager.html
2. For DEX use the following URL: http://<ipaddress or dnsname>/nps
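
The import and port-change steps above with pre-checks and backups, as an added example that is not part of the original Novell document. It assumes the Base64 export carries PEM BEGIN/END CERTIFICATE lines; the function names and the keystore alias are hypothetical.

```sh
#!/bin/sh
# Added example, not Novell's script. Paths and the alias are caller-supplied.

# Reject an export that is empty, carries a private key, or is not exactly one
# PEM certificate. Assumes the Base64 export has BEGIN/END CERTIFICATE lines.
check_cert_file() {
    f=$1
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "refusing $f: contains a private key" >&2
        return 1
    fi
    n=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 certificate, found $n" >&2; return 1; }
}

# Import into the working copy of cacerts under an explicit alias, then list
# the entry so its fingerprint can be compared with the source certificate.
# keytool prompts for the keystore password and the trust confirmation.
import_ldap_cert() {
    cert=$1; store=$2; name=$3
    check_cert_file "$cert" || return 1
    keytool -import -alias "$name" -file "$cert" -keystore "$store" || return 1
    keytool -list -v -alias "$name" -keystore "$store"
}

# Change only System.DirectoryAddress from port 389 to 636, keeping a .orig
# backup. A file that is already on 636 is left untouched.
switch_to_ldaps() {
    props=$1
    grep -q '^System\.DirectoryAddress=.*:389[[:space:]]*$' "$props" || return 0
    cp -p "$props" "$props.orig" || return 1
    sed 's/^\(System\.DirectoryAddress=.*:\)389[[:space:]]*$/\1636/' \
        "$props.orig" > "$props"
}

# Usage: script import <cert.b64> <cacerts copy> <alias>
#        script props  <path to PortalServlet.Properties>
case "${1:-}" in
    import) import_ldap_cert "$2" "$3" "$4" ;;
    props)  switch_to_ldaps "$2" ;;
esac
```

Importing under a named alias makes the entry easy to find and remove later with keytool when the server certificate is replaced.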

disclaimer

The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

  • Document ID: 10090460
  • Solution ID: NOVL94992
  • Creation Date: 20Jan2004
  • Modified Date: 07May2004