Upload Download doesn't work with NetStorage

  • 7011905
  • 08-Mar-2013
  • 13-Mar-2013

Environment

Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 1
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 1

Situation

Upload Download doesn't work with NetStorage
Can see files but can't download using the menu
Java exception when properties is clicked on a file in NetStorage
When double clicking an item in IE the file can be opened and saved from application.

Resolution

This problem may occur if the Settings.properties file has NOT been formatted properly.  Follow TID 3592807 to confirm that the correct port and protocol settings, as well as servername field are properly populated.

Another possibility is that the XTier registry has become corrupted, or that XTier registry keys are either broken or missing.  TID 3374174 will aid in the recreation of the XTier keys for the OES server.

A more rare cause of this problem happens if the certificate chain is broken or incomplete.  The purpose of this TID is to outline the fix when this is the problem.

Use keytool to query the keystore file:keytool -list -v -keystore cacerts  the default location of this file is /var/opt/novell/tomcat5/conf  (for OES2 SP3) or /var/opt/novell/tomcat6/conf (for OES11) to see what certificates it holds
 
Either re-download the certificate bundle from the vendor, or re-export the certificate from edirectory.  Make sure that the certificate is downloaded in base64 (or convert to base64 using the command on the next line).
 
If required, convert the contained files to base64. Then import them using something like: keytool -import -trustcacerts -alias <cert-alias> -file <name of certificate der file> -keystore cacerts (even if cert already existed in cert file) 

NOTE:  If the certificates being used are from eDirectory, each certificate in the chain will need to be downloaded and imported into cacerts with keytool.

Cause

The upload/download problem with NetStorage is usually seen when at least one of the three following conditions occur:
1. Incorrect settings in the Settings.properties file.
2. Corrupt, missing, or broken XTier registry keys
3. A bad certificate or certificate chain in the Java keystore.

If the certificate chain is broken or bad, errors will appear in the catalina.out file with the message: Certificate chaining error, An example of this is shown below in the Additional Information section.

Additional Information

When troubleshooting an issue such as this, it is often helpful to collect the following files from the server:
Settings.properties (opt/novell/netstorage/webapp/WEB-INF/classes)
/var/log/messages
catalina.out  /var/opt/novell/tomcat5/logs/catalina.out (OES2 SPx) or /var/opt/novell/tomcat6/logs/catalina.out (OES11 SPx)

Error from Catalina.out showing certificate chaining error

Caused by: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
 java.security.cert.CertPathValidatorException: The certificate issued by CN=MyServerCA, OU=MyLabSetup, O=Novell is not trusted; internal cause is: 
 java.security.cert.CertPathValidatorException: Certificate chaining error
 at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:249)
 at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:215)
 at com.ibm.jsse2.util.f.b(f.java:66)
 ... xx more
Caused by: java.security.cert.CertPathValidatorException: The certificate issued by CN=MyServerCA, OU=MyLabSetup, O=Novell is not trusted; internal cause is: 
 java.security.cert.CertPathValidatorException: Certificate chaining error
 at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
 at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)
 at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:474)
 at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:386)
 at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:332)
 at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:332)
 at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:195)
 ... xx more