Cool Solutions

Enable ZCC Login Access to the ZLM Server after Expiration of (eDir) LDAP Server SSL Certificate



By:

December 16, 2009 11:28 am


Contents:

Problem

The administrator is unable to log in to the ZCC UI of the installed ZLM Server. This happens because the LDAP server's SSL certificate expires two years after the ZENworks 7.x Linux Management Server is installed. The ZLM Server's Tomcat log file (Catalina.out) reports an error such as 'java.security.cert.CertificateNotYetValidException', or shows ZENserver trying to communicate with eDirectory at localhost on port 389 and failing with an error like:
LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389

System Environment

ZENworks 7.2 Linux Management Server
ZENworks 7.3 Linux Management Server

Solution

Steps to create a new SSL Server Certificate on the existing ZLM Server

The following steps create an SSL server certificate with an extended validity period of five years. The default server certificate for the LDAP server is valid for only two years.

  1. Log in to the eDirectory tree on the ZLM Server using the ConsoleOne tool. Click the currently configured NDS tree, named ZONE-TREE, and then select the System container under the NDS tree.

    Figure 1

  2. Right-click the System container and choose New and then Object (System->New->Object). In the Object dialog box, choose to create the NDSPKI:Key Material object and click the OK button.

    Figure 2

  3. In the next dialog box, enter the certificate name, e.g. ZLM_TEST-server-certificate, select Custom as the creation method, and click the Next button. Then choose the default option, Organizational certificate authority, and click the Next button.

    Figure 3

  4. Choose the desired Key Size (the default is '2048 bits'; the other options are 512 bits, 768 bits and 1024 bits), choose the Type 'SSL or TLS', and click the Next button.

    Figure 4

  5. Under 'Specify the certificate parameters', choose the Validity Period as needed, say 5 years (the options available are 6 months, 1 year, 2 years, Maximum and Specify dates), and then click the Next button.

    Figure 5

  6. In the next window, choose the option Your organization's certificate and click the Next button. Finally, click the Finish button to complete the creation steps.

    Figure 6

Steps to assign the new SSL Server Certificate to the existing LDAP Server

The following steps assign the new SSL server certificate created above to the LDAP server, so that the certificate expiration date is extended by five years on the ZLM Server:

  1. Click the LDAP Server object currently in use under the System container of the ZLM tree. For example: System->LDAP Server-SLES11-x64.

    Figure 7

  2. Right-click the LDAP Server object and choose the Properties option. In the Properties dialog box, select the SSL/TLS Configuration tab.

    Figure 8

  3. Browse to select the new server certificate created earlier, i.e. ZLM_TEST-server-certificate. Finally, click the OK and Apply buttons to save the assignment.

    Figure 9

  4. On the ZLM server, restart the ZLM services with the zlm-config --restart command; the user can then log in to ZCC again.
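
To confirm after the restart that the LDAP server presents the new certificate, the script below (an added example, not part of the original article) reads the certificate's expiry with the openssl command-line tool. It assumes LDAP over SSL listens on port 636, which the article does not state, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: check the expiry of the certificate an LDAP server presents.
# Assumption: LDAP over SSL listens on port 636 (the article only mentions 389).

# Save the server's leaf certificate as PEM in file $3.
fetch_ldaps_cert() {
    host=$1; port=$2; out=$3
    openssl s_client -connect "$host:$port" </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$out" 2>/dev/null
}

# Print OK, EXPIRING, EXPIRED or UNREADABLE for the PEM file $1.
# $2 is the warning threshold in days (default 30).
# Return code: 0 = OK, 1 = EXPIRING, 2 = EXPIRED, 3 = UNREADABLE.
cert_status() {
    pem=$1; warn_days=${2:-30}
    # A file that does not parse as a certificate must not be reported as expired.
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo UNREADABLE; return 3
    fi
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED; return 2
    fi
    if ! openssl x509 -in "$pem" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo EXPIRING; return 1
    fi
    echo OK
}

# Usage: sh check_ldap_cert.sh HOST [PORT] [WARN_DAYS]
if [ $# -ge 1 ]; then
    certfile=$(mktemp) || exit 3
    trap 'rm -f "$certfile"' EXIT
    fetch_ldaps_cert "$1" "${2:-636}" "$certfile"
    # Show which certificate is being served and when it ends.
    openssl x509 -in "$certfile" -noout -subject -enddate 2>/dev/null
    cert_status "$certfile" "${3:-30}"
fi
```

Run it on the ZLM server against localhost; the printed subject should name the newly assigned certificate, and the status should be OK.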

Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.
