iManager is inaccessible due to an SSL error

  • 7015206
  • 16-Jun-2014
  • 19-Dec-2018

Environment

eDirectory 8.8.7
eDirectory 8.8.8
iManager 2.7.7
Apache2
Novell Open Enterprise Server 11 SP2 (OES11SP2)
Novell Open Enterprise Server 11 SP1 (OES11SP1)

Situation

iManager is inaccessible due to an SSL error.

All https traffic returns the following error:
SSL received a record that exceeded the maximum permissible length Error code: ssl_error_rx_record_too_long

Resolution

Ensure APACHE_SERVER_FLAGS="SSL" is set in /etc/sysconfig/apache2.

Recreate the apache2 certificates. Usually these certificates are good and the problem is with the Apache configuration, but first rule out the eDirectory certificates and the certificates on the file system. The certificate-recreation-script is an easy way to ensure that the apache2 certificate, along with the iPrint and LUM certificates, is updated.

/etc/ssl/servercerts/serverkey.pem
/etc/ssl/servercerts/servercert.pem
/etc/opt/novell/certs/SSCert.pem 
/etc/opt/novell/certs/SSCert.der 
/var/lib/novell-lum/x.x.x.x.der

Once these certificates are recreated and secure LDAP is working, move on to Apache2.
Look for files that have been modified recently (ll -tr /etc/apache2 or ll -trR /etc/apache2).

Files to look for are:
/etc/apache2/apache2.conf
/etc/apache2/default-server.conf
/etc/apache2/vhosts.d/vhost-ssl.conf
/etc/apache2/sysconfig.d/loadmodule.conf

Compare these files with a working version.

In this case, /etc/apache2/vhosts.d/vhost-ssl.conf had been renamed to /etc/apache2/vhosts.d/vhost-ssl.conf.bk.
Renaming back to /etc/apache2/vhosts.d/vhost-ssl.conf and restarting apache2 (rcapache2 restart) resolved the issue.

Additional Information

For OES2018
If the server has been upgraded from an earlier version to OES2018, a new folder, YaSTsave, is created and the vhost-ssl.conf file is moved to that folder. Move the vhost-ssl.conf file back to the vhosts.d folder and restart Apache with the command:
systemctl restart apache2

This has been reported to engineering.
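
The two Apache checks from the Resolution and the OES2018 note can be scripted as follows. This is an added example, not part of the original TID or a Novell tool: the function name check_apache_ssl, its optional ROOT prefix argument and the --live switch are hypothetical, and it assumes the SUSE sysconfig variable APACHE_SERVER_FLAGS.

```shell
#!/bin/sh
# Added example: verify the Apache SSL preconditions described in this document.
# check_apache_ssl [ROOT]  - ROOT is a hypothetical path prefix so the check
# can be run against a copied or test tree; empty means the live system.
check_apache_ssl() {
    root="${1:-}"
    sysconfig="$root/etc/sysconfig/apache2"
    vhost="$root/etc/apache2/vhosts.d/vhost-ssl.conf"
    rc=0

    # 1. The SSL flag must be present in APACHE_SERVER_FLAGS.
    flags=$(sed -n 's/^[[:space:]]*APACHE_SERVER_FLAGS=//p' "$sysconfig" \
            2>/dev/null | tail -n 1 | tr -d "\"'")
    case " $flags " in
        *" SSL "*) echo "OK:   APACHE_SERVER_FLAGS contains SSL" ;;
        *) echo "FAIL: SSL missing from APACHE_SERVER_FLAGS in $sysconfig"
           rc=1 ;;
    esac

    # 2. The SSL virtual host file must be in vhosts.d under its real name.
    if [ -f "$vhost" ]; then
        echo "OK:   $vhost is present"
    else
        echo "FAIL: $vhost is missing"
        rc=1
        # List renamed or relocated copies (for example a .bk file, or a
        # copy moved into another folder during an upgrade).
        find "$root/etc/apache2" -type f -name 'vhost-ssl.conf*' 2>/dev/null |
        while read -r f; do
            echo "      candidate to restore: $f"
        done
    fi
    return $rc
}

# Run as "sh thisfile --live" to inspect the running server.
if [ "${1:-}" = "--live" ]; then
    check_apache_ssl
fi
```

A non-zero return means at least one precondition failed; after restoring the file, restart Apache as described above.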