
How do I recreate the SSL Certificates on a Novell OES Suse Linux Server?

Posted on 2008-10-16
Last Modified: 2013-12-24
This has happened before to my Linux system, but I cannot remember the solution.
It starts on the main console login to the server.
In the left panel, a list of users is normally displayed, but now they are missing.
I cannot login using any user name except root to the server.
I can use the server from any xp client, so the file sharing is still working.

If I use Internet Explorer and go to https://xx.xx.xx.xx:636 on a server that works, I get:
"The security certificate date is valid"
If I use the same on the broken server, I get:
"The security certificate has expired or is not yet valid."

I think the solution had something to do with deleting the SSL Certificates in ConsoleOne and recreating them. (Possibly deleting LDAP in ConsoleOne also.)

I tried the procedure from
http://wiki.novell.com/index.php/Linux_pkidiag_process
to recreate the certificates.
When I enter
ndsconfig upgrade
I get an error:

Configuring Novell eDirectory server with the following parameters
  Admin name = admin
  dbdir path = /var/nds/dib
Name resolution failed: Error = -601
Checking the status of LDAP services...
Novell eDirectory LDAP Server TCP port is listening.
Novell edirectory LDAP server TLS is listening.

Any idea of how to get rid of this error and fix the certificate?
Question by:mjkdhb
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22733711
Double check your time, date and make sure it is correct.

Verify that the cert is actually still in its valid time period (I'm guessing it is, as otherwise it would probably report an expired message instead). Was this a newly issued cert?

This is probably it:
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7000444&sliceId=1&docTypeID=DT_TID_1_1

Are you using Java?
http://java.com/en/download/help/cacerts.xml
0
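An added example, not part of the thread: the browser message "has expired or is not yet valid" does not say which of the two applies, so this shell function separates a wrong clock from a lapsed certificate by comparing the validity window to a given time. It assumes GNU date (`date -d`) and input in the format printed by `openssl x509 -noout -dates`; the function name and sample dates are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU date (`date -d`).
#
# Live use against the LDAPS port from the question (address elided there):
#   openssl s_client -connect xx.xx.xx.xx:636 </dev/null 2>/dev/null \
#     | openssl x509 -noout -dates | cert_window_status "$(date +%s)"

# cert_window_status NOW_EPOCH
# Reads `openssl x509 -noout -dates` output on stdin and prints one of:
#   valid | expired | not-yet-valid | unparseable
cert_window_status() {
    now=$1
    not_before=
    not_after=
    while IFS= read -r line; do
        case $line in
            notBefore=*) not_before=${line#notBefore=} ;;
            notAfter=*)  not_after=${line#notAfter=} ;;
        esac
    done
    # An empty string would make `date -d` return "today", so reject it first.
    if [ -z "$not_before" ] || [ -z "$not_after" ]; then
        echo unparseable; return 1
    fi
    start=$(date -u -d "$not_before" +%s 2>/dev/null) || { echo unparseable; return 1; }
    end=$(date -u -d "$not_after" +%s 2>/dev/null) || { echo unparseable; return 1; }
    if [ "$now" -lt "$start" ]; then
        echo not-yet-valid; return 1   # clock is earlier than issuance: check the clock
    elif [ "$now" -gt "$end" ]; then
        echo expired; return 1         # window has passed: certificate must be reissued
    fi
    echo valid
}

# Constructed sample in the format `openssl x509 -noout -dates` prints.
SAMPLE_DATES='notBefore=Jan  1 00:00:00 2006 GMT
notAfter=Jan  1 00:00:00 2008 GMT'

# Same certificate judged against three clocks (epoch seconds, UTC):
for clock in 946684800 1150000000 1224115200; do   # 2000-01-01, mid-2006, 2008-10-16
    printf '%s -> %s\n' "$clock" \
        "$(printf '%s\n' "$SAMPLE_DATES" | cert_window_status "$clock")"
done
```

A `not-yet-valid` result on a certificate that was issued long ago points at the server or client clock rather than at the certificate.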
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22733731
Sorry on the java reference... got a little carried away on the error, wasn't thinking ldap!
0
 

Author Comment

by:mjkdhb
ID: 22735114
Thanks for your response.

I never installed a certificate on the server. iManager comes up with a message box complaining about the certificate, but I just press OK and it works fine.

Somehow LDAP and the certificate (the default one installed during server setup) got corrupted, which prevents me from logging into the server.


Just to add
In the /var/log/messages file
I am getting messages like
smbd[4090]: nds_nss_GetGroupsbyMember: failed to init socket, status=0
smbd[4090] [date] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
smbd[4090]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: NDS error: no additional information available (-306) (Invalid syntax)

Thanks
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22735533
0
 

Author Comment

by:mjkdhb
ID: 22745096
Thanks
In step 6.b it asks to select the certificate.
I removed the certificate in order to fix the problem. So I cannot select the certificate.
6.c indicates if there is a problem you can regenerate it.  That is what I am trying to do.
How do I regenerate it?
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 2000 total points
ID: 22771690
Since you are not worried about keeping any of the previous keysets as the associated cert is gone, make sure you do the previous steps, but then skip over #6, so go from #5 to #7.
0
 

Accepted Solution

by:
mjkdhb earned 0 total points
ID: 22777260
From Step #7 I ran this:
./certificate-creation.sh -c -r

I could not use the -f option since I did not have a file to use.

This ran in the script
/usr/bin/namconfig -k
from what I can tell

It then restarted a number of services
I checked ConsoleOne. No SSL CertificateDNS or SSL CertificateIP showed up.
I rebooted.
I checked ConsoleOne. No SSL CertificateDNS or SSL CertificateIP showed up.

I reran the following like I did before a number of times just to see what would happen:
ndsconfig upgrade

This time it worked.

ConsoleOne had a new SSL CertificateDNS and SSL CertificateIP.
and I can log into the console again.
Great.

Possible fixes to the solution that I can see.
1.  Login problem fixed
2.  Namconfig fixed something
3.  Restarting the services fixed the problem
4.  Rebooting
5.  Some combination of these

Thanks for your help.
0
