SMT stops working after NetIQ Access Gateway Service has been installed on SLE 12 / 12.1

  • Document ID:7017541
  • Creation Date:27-Apr-2016
  • Modified Date:29-Sep-2016
    • Micro Focus Products:
      Access Manager (NAM)

Environment

  • NetIQ Access Manager 4.2
  • NetIQ Access Manager 4.2 Access Gateway Service
  • NetIQ Access Gateway Service version 4.2.1 has been installed on a fresh SLES 12.1 installation.

Situation

  • SLES 12 can not be registered any more to the configured SMT server after the Access Gateway Service has been installed.

  • SUSEConnect returns:

    SSL verification failed: self signed certificate in certificate chain
    Certificate issuer: /C=DE/CN=YaST Default CA (sles11sp3)/emailAddress=postmaster@microfocus.com
    Certificate subject: /C=DE/CN=YaST Default CA (sles11sp3)/emailAddress=postmaster@microfocus.com
    SUSEConnect error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

  • runing openssl returns:

    "WARNING: can't open config file: /root/FIPS_1.0.1s/Linux_x86_64/ssl/openssl.cnf

  • Executing 'zypper –no-refresh patch-check' returns:

    /usr/lib64/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require': /usr/lib64/ruby/2.1.0/x86_64-linux-gnu/openssl.so: undefined symbol: SSLv2_method - /usr/lib64/ruby/2.1.0/x86_64-linux-gnu/openssl.so (LoadError)
         from /usr/lib64/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
         from /usr/lib64/ruby/2.1.0/openssl.rb:17:in `<top (required)>'
         from /usr/lib64/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
         from /usr/lib64/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
         from /usr/lib64/ruby/gems/2.1.0/gems/suse-connect-0.2.34/lib/suse/connect/connection.rb:1:in `<top (required)>'
         from /usr/lib64/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
         from /usr/lib64/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
         from /usr/lib64/ruby/gems/2.1.0/gems/suse-connect-0.2.34/lib/suse/connect.rb:9:in `<module:Connect>'
         from /usr/lib64/ruby/gems/2.1.0/gems/suse-connect-0.2.34/lib/suse/connect.rb:3:in `<module:SUSE>'
         from /usr/lib64/ruby/gems/2.1.0/gems/suse-connect-0.2.34/lib/suse/connect.rb:1:in `<top (required)>'
         from /usr/lib64/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:135:in `require'
         from /usr/lib64/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:135:in `rescue in require'
         from /usr/lib64/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:144:in `require'
         from /usr/lib/zypper/commands/zypper-migration:5:in `<main>'
    '/usr/lib/zypper/commands/zypper-migration' exited with status 1

Resolution

  • Add the "OPENSSL_CONF=/etc/ssl" ENV variable to the end of your "/etc/profile.local" file
    -------------------------------------------------------
    .....
    .....
    export OPENSSL_CONF=/etc/ssl
    #
    # End of /etc/profile
    -------------------------------------------------------
  • Close you terminal session and start a new one
  • Check if the variable is set: env | grep OPENSSL-CONF

  • In case SUSEConnect still throws the SSL verification error message, please issue the following 3 commands:
  1. mkdir –p /root/1.0.1s/Linux_x86_64
  2. cd /root/1.0.1s/Linux_x86_64
  3. ln –s /etc/ssl
  • Please note that 1.0.1t is the version of openSSL that has been installed by NAM. This version might differ, hence the path should be changed accordingly.

  • This issue has been addressed to engineering

Cause

  • The OpenSSL Version shipped with NAM has by accident a hard coded opensslconfiguration file path reference: " /root/FIPS_1.0.1s/Linux_x86_64/ssl/openssl.cnf" which can be overwritten using the "OPENSSL-CONF" variable.