Importing certificate to keystore after eDirectory CA recreation

  • 7006793
  • 06-Sep-2010
  • 07-Feb-2014

Environment

Novell eDirectory 8.7
Novell eDirectory 8.8
Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Workgroup Suite (NOWS)
Novell Open Workgroup Suite Small Business Edition (NOWS SBE)
SUSE Linux Enterprise Server 9
SUSE Linux Enterprise Server 10
Novell NetStorage

Situation

After the CA is recreated in eDirectory, the Catalina.out file shows the error "Caused by: java.security.cert.CertPathValidatorException: The certificate issued by OU=Organizational CA, O=Novell is not trusted;"

Resolution

  1. Open iManager or ConsoleOne.
  2. Go to the CA properties.
  3. Under Certificates, export the Self Signed Certificate with the name trustedrootcert.der and save it to the filesystem.
  4. Copy trustedrootcert.der to the Linux filesystem.
  5. Use the keytool utility to import trustedrootcert.der into the keystore file /var/opt/novell/tomcat5/conf/cacerts with the following command:
    keytool -import -alias <alias_name> -file <location of exported der file> -keystore /var/opt/novell/tomcat5/conf/cacerts
  6. Restart eDirectory with the rcndsd restart command.
  7. Restart Tomcat (the command varies with platform; usually something like rctomcat5 restart).
  8. Verify that the error is gone by checking the Catalina.out file and doing the required operation.
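
A guarded version of step 5, given here as an added example that is not part of the original document: it checks that the exported file is a self-signed DER certificate with the expected fingerprint, backs up the keystore, and removes an alias left over from the old CA before importing. The function names are hypothetical, and it assumes openssl is installed and that the new CA's SHA-1 fingerprint was obtained from a separate trusted source.

```shell
#!/bin/sh
# Added example, not from the original document. Function names are hypothetical.
KEYSTORE=/var/opt/novell/tomcat5/conf/cacerts   # keystore path from step 5

# Normalise a fingerprint: drop any "label=" prefix, colons and spaces; upper-case.
norm_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# True when both fingerprints are non-empty and equal after normalisation.
fp_matches() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# usage: import_trusted_root <der_file> <alias_name> <expected_sha1_fingerprint>
import_trusted_root() {
    der=$1; ca_alias=$2; expected=$3
    # The export must parse as DER X.509 and be self-signed (subject == issuer).
    subj=$(openssl x509 -inform der -in "$der" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -inform der -in "$der" -noout -issuer | sed 's/^issuer= *//')
    if [ -z "$subj" ] || [ "$subj" != "$iss" ]; then
        echo "refusing: $der is not a self-signed DER certificate" >&2; return 1
    fi
    # The fingerprint must match the value obtained out of band (assumption: SHA-1).
    actual=$(openssl x509 -inform der -in "$der" -noout -fingerprint -sha1)
    if ! fp_matches "$actual" "$expected"; then
        echo "refusing: fingerprint mismatch ($actual)" >&2; return 1
    fi
    # Keep a copy of the keystore so the change can be rolled back.
    cp -p "$KEYSTORE" "$KEYSTORE.bak.$(date +%Y%m%d%H%M%S)" || return 1
    # keytool -import fails if the alias exists, e.g. the certificate of the
    # old CA; remove that entry first so it is no longer trusted.
    if keytool -list -alias "$ca_alias" -keystore "$KEYSTORE" >/dev/null; then
        keytool -delete -alias "$ca_alias" -keystore "$KEYSTORE" || return 1
    fi
    keytool -import -alias "$ca_alias" -file "$der" -keystore "$KEYSTORE" || return 1
    # Show the imported entry so owner, issuer and fingerprint can be read back.
    keytool -list -v -alias "$ca_alias" -keystore "$KEYSTORE"
}

# Run the import only when the script is called with its three arguments.
if [ "$#" -eq 3 ]; then
    import_trusted_root "$@"
fi
```

keytool prompts for the keystore password at each call. Steps 6 to 8 still apply after the import.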