Context list is empty when browsing for eDirectory context in NURM

  • 7023269
  • 14-Aug-2018
  • 15-Jan-2019

Environment

Open Enterprise Server 2018 (OES 2018) Linux
Open Enterprise Server 2015 (OES 2015) Linux Support Pack 1
Open Enterprise Server 2015 (OES 2015) Linux

Situation

Context list is empty when browsing for eDirectory context in NURM

Resolution

To browse for the eDirectory context in NURM, the edir_root_ca cert must exist in the /etc/alternatives/jre/lib/security/cacerts certificate store and contain a valid eDir CA cert. Follow this process to create the needed CA cert:
 
Verify CA Certificate
  1. Run this command to make sure the CA has not expired:
    • openssl x509 -in /etc/opt/novell/certs/SSCert.der -inform der -noout -text |grep "Not After"

  2. If the CA has expired, you will need to recreate the CA in iManager and export it to the server using this document: https://www.novell.com/communities/coolsolutions/cool_tools/certificate-recreation-script-oes1-and-oes2/

Remove any existing edir_root_ca

Run these commands to remove any existing edir_root_ca certs from the stores:
 
OES2018:
  • ST="-keystore /etc/alternatives/jre/lib/security/cacerts -storepass changeit"; keytool $ST -list |grep edir |cut -d\, -f1 |while read EC; do echo $EC; keytool $ST -delete -alias $EC; done
  • ST="-keystore /var/opt/novell/tomcat/conf/cacerts -storepass changeit"; keytool $ST -list |grep edir |cut -d\, -f1 |while read EC; do echo $EC; keytool $ST -delete -alias $EC; done
OES2015:
  • ST="-keystore /etc/alternatives/jre/lib/security/cacerts -storepass changeit"; keytool $ST -list |grep edir |cut -d\, -f1 |while read EC; do echo $EC; keytool $ST -delete -alias $EC; done
  • ST="-keystore /var/opt/novell/tomcat6/conf/cacerts -storepass changeit"; keytool $ST -list |grep edir |cut -d\, -f1 |while read EC; do echo $EC; keytool $ST -delete -alias $EC; done
 
Create edir_root_ca

Run this command to add the edir_root_ca cert to the stores:
  • /opt/novell/eDirectory/sbin/keystore_setup.sh
 
Restart Tomcat
 
OES2015:  rcnovell-tomcat6 restart
OES2018:  rcnovell-tomcat restart
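
The "Verify CA Certificate" check above, scripted as a pass/fail test that can be re-run after the restart; this is an added example, not part of the original document. It assumes bash, GNU date, and openssl and keytool on the PATH; the function names, the 30-day warning window and the return codes are this example's own.

```bash
#!/bin/bash
# Added example, not part of the TID: pass/fail version of the "Not After" check.
CA_DER=/etc/opt/novell/certs/SSCert.der                 # path from the TID
JRE_STORE=/etc/alternatives/jre/lib/security/cacerts    # path from the TID

# not_after_status "<Not After line>" [warn_days] [now_epoch]
# Prints and returns: VALID=0, EXPIRED=1, EXPIRING=2, UNPARSABLE=3.
not_after_status() {
    local text end warn_days=${2:-30} now=${3:-$(date +%s)}
    # Keep only the date that follows "Not After :".
    text=$(printf '%s\n' "$1" | sed -n 's/.*Not After *: *//p')
    [ -n "$text" ] || { echo UNPARSABLE; return 3; }
    # GNU date understands openssl's "Mon DD HH:MM:SS YYYY GMT" format.
    end=$(date -u -d "$text" +%s 2>/dev/null) || { echo UNPARSABLE; return 3; }
    if [ "$end" -le "$now" ]; then
        echo EXPIRED; return 1
    elif [ $(( end - now )) -lt $(( warn_days * 86400 )) ]; then
        echo EXPIRING; return 2
    fi
    echo VALID
}

# Runs the TID's openssl command, then lists edir entries in the JRE store.
check_edir_ca() {
    local line
    line=$(openssl x509 -in "$CA_DER" -inform der -noout -text | grep "Not After")
    not_after_status "$line" || return    # stop unless the CA is VALID
    keytool -list -keystore "$JRE_STORE" -storepass changeit | grep edir \
        || { echo "no edir entry in $JRE_STORE"; return 4; }
}

if [ -r "$CA_DER" ]; then
    check_edir_ca
else
    echo "$CA_DER not readable; run this on the OES server" >&2
fi
```

An EXPIRED result means the CA has to be recreated before keystore_setup.sh is run; a missing edir entry after the procedure means the import did not take effect.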