Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

IPP Error: 0x40001 managing iPrint object on iPrint Appliance

This document (7013314) is provided subject to the disclaimer at the end of this document.

Environment

iPrint Appliance

Situation

After importing a signed certificate thru the MC console into the JVM keystore on the appliance, when logging into iManager and attempting to manage an iPrint object, an error is displayed:

javax.net.ssl.SSLKeyException: RSA premaster secret error
IPP Error: 0x40001

Resolution

1. Download unrestricted JCE policy files from the IBM website:

https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=jcesdk&lang=en_US&S_PKG=13_01&cp=UTF-8

In the downloaded archive there are two files :

- US_export_policy.jar
- local_policy.jar

These files needs to be copied and need to replace the ones on the appliance. Follow these steps:

Note: Backup the existing files before replacing them

 1. Find the tomcat instance which runs iManager

ps -aef | grep "catalina.home=/var/opt/novell/tomcat6"

2. The above command displays the process command line which runs tomcat

e.g.

wwwrun    3422     1  0 22:37 ?        00:00:02 /usr/lib64/jvm/jre-1.6.0-ibm/bin/java -Djava.library.path=/opt/novell/eDirectory/lib64:/var/opt/novell/tomcat6/lib:/usr/lib64 -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Djavax.net.ssl.trustStore=/var/opt/novell/tomcat6/conf/cacerts -Dcom.ibm.tools.attach.enable=no -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Djavax.net.ssl.trustStore=/var/opt/novell/tomcat6/conf/cacerts -Dcom.ibm.tools.attach.enable=no -classpath /var/opt/novell/tomcat6/bin/bootstrap.jar:/var/opt/novell/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/opt/novell/tomcat6 -Dcatalina.home=/var/opt/novell/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/opt/novell/tomcat6/temp -Djava.util.logging.config.file=/var/opt/novell/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start

3. Note the java which runs this tomcat instance.

e.g.

/usr/lib64/jvm/jre-1.6.0-ibm/bin/java

4. List the lib directory of that java version

e.g.

l /usr/lib64/jvm/jre-1.6.0-ibm/lib/security/

output contains:

US_export_policy.jar -> /etc/alternatives/jce_1.6.0_ibm_us_export_policy

local_policy.jar -> /etc/alternatives/jce_1.6.0_ibm_local_policy

5. check where these policy link points

e.g.

l /etc/alternatives/jce_1.6.0_ibm_us_export_policy

/etc/alternatives/jce_1.6.0_ibm_us_export_policy -> /usr/lib64/jvm-private/java-1_6_0-ibm/jce/unrestricted/US_export_policy.jar

l /etc/alternatives/jce_1.6.0_ibm_local_policy

/etc/alternatives/jce_1.6.0_ibm_local_policy -> /usr/lib64/jvm-private/java-1_6_0-ibm/jce/unrestricted/local_policy.jar

6. Replace the downloaded jars at these locations.

cp <path to downloaded local_policy jar file> /usr/lib64/jvm-private/java-1_6_0-ibm/jce/unrestricted/local_policy.jar

cp <path to downloaded US_export_policy jar file> /usr/lib64/jvm-private/java-1_6_0-ibm/jce/unrestricted/US_export_policy.jar

7. Restart appliance

Cause

The JCE polices shipped with the appliance do not allow certificates with long key size. The unrestricted polices from IBM resolve this problem.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7013314
  • Creation Date:18-SEP-13
  • Modified Date:03-DEC-15
    • NovelliPrint

Did this document solve your problem? Provide Feedback