• Status: Solved

How do I recreate the SSL Certificates on a Novell OES Suse Linux Server?

This has happened before to my Linux system, but I cannot remember the solution.
It starts on the main console login to the server.
In the left panel, a list of users is normally displayed, but now they are missing.
I cannot login using any user name except root to the server.
I can use the server from any xp client, so the file sharing is still working.

If I use Internet Explorer and go to https://xx.xx.xx.xx:636 on a server that works, I get
"The security certificate date is valid"
If I use the same on the broken server, I get:
"The security certificate has expired or is not yet valid."

I think the solution had something to do with deleting the SSL Certificates in ConsoleOne and recreating them. (Possibly deleting LDAP in ConsoleOne also.)

I tried the procedure from
http://wiki.novell.com/index.php/Linux_pkidiag_process
to recreate the certificates.
When I enter
ndsconfig upgrade
I get an error:

Configuring Novell eDirectory server with the following parameters
  Admin name = admin
  dbdir path = /var/nds/dib
Name resolution failed: Error = -601
Checking the status of LDAP services...
Novell eDirectory LDAP Server TCP port is listening.
Novell edirectory LDAP server TLS is listening.

Any idea of how to get rid of this error and fix the certificate?
mjkdhb
Paranormastic (Cryptographic Engineer) Commented:
Double check your time, date and make sure it is correct.

Verify that cert is actually still in its valid time period (I'm guessing it is as otherwise it would probably report an expired message instead). Was this a newly issued cert?

This is probably it:
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7000444&sliceId=1&docTypeID=DT_TID_1_1

Are you using Java?
http://java.com/en/download/help/cacerts.xml
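Added example (not part of the original thread): a shell check of the point raised in the comment above, that a wrong system clock and a lapsed validity period both produce the "expired or is not yet valid" message. It assumes openssl and GNU date are available; the sample certificate and the name oes-server.example are constructed for the demonstration.

```bash
#!/bin/bash
# Classify a certificate's validity window against a given clock reading.
# Requires openssl and GNU date.

# cert_window_status PEM_FILE [NOW_EPOCH]
# Prints one of: valid | expired | not-yet-valid
cert_window_status() {
    local pem="$1" now="${2:-$(date +%s)}" start end
    # openssl prints e.g. "notBefore=Jun  1 12:00:00 2025 GMT"; keep the date part.
    start=$(date -d "$(openssl x509 -in "$pem" -noout -startdate | cut -d= -f2)" +%s)
    end=$(date -d "$(openssl x509 -in "$pem" -noout -enddate | cut -d= -f2)" +%s)
    if [ "$now" -lt "$start" ]; then
        echo "not-yet-valid"
    elif [ "$now" -gt "$end" ]; then
        echo "expired"
    else
        echo "valid"
    fi
}

# make_sample_cert OUT_PEM
# Constructed self-signed certificate valid for 1 day from now, standing in
# for the server certificate presented on port 636.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=oes-server.example" -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$1.key"
}

# To check a live server instead (address elided as in the question):
#   openssl s_client -connect xx.xx.xx.xx:636 </dev/null 2>/dev/null > server.pem
#   cert_window_status server.pem

demo() {
    local pem now
    pem=$(mktemp) && make_sample_cert "$pem"
    now=$(date +%s)
    # Same certificate, three clock readings: only the clock changes the verdict.
    echo "clock correct:        $(cert_window_status "$pem" "$now")"
    echo "clock 10 days behind: $(cert_window_status "$pem" $((now - 864000)))"
    echo "clock 10 days ahead:  $(cert_window_status "$pem" $((now + 864000)))"
    rm -f "$pem"
}
demo
```

If the live certificate reports valid against the correct time but the server's own clock gives a different verdict, fix the clock before regenerating anything.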
 
Paranormastic (Cryptographic Engineer) Commented:
Sorry on the java reference... got a little carried away on the error, wasn't thinking ldap!
 
mjkdhb (Author) Commented:
Thanks for your response.

I never installed a certificate on the server. iManager comes up with a message box complaining about the certificate, but I just press OK and it works fine.

Somehow LDAP and the certificate (the default one installed during server setup) got corrupted, which prevents me from logging into the server.


Just to add
In the /var/log/messages file
I am getting messages like
smbd[4090]: nds_nss_GetGroupsbyMember: failed to init socket, status=0
smbd[4090] [date] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
smbd[4090]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: NDS error: no additional information available (-306) (Invalid syntax)

Thanks
Paranormastic (Cryptographic Engineer) Commented:
 
mjkdhb (Author) Commented:
Thanks
In step 6.b it asks to select the certificate.
I removed the certificate in order to fix the problem. So I cannot select the certificate.
6.c indicates if there is a problem you can regenerate it.  That is what I am trying to do.
How do I regenerate it?
 
Paranormastic (Cryptographic Engineer) Commented:
Since you are not worried about keeping any of the previous keysets as the associated cert is gone, make sure you do the previous steps, but then skip over #6, so go from #5 to #7.
 
mjkdhb (Author) Commented:
From Step #7 I ran this:
./certificate-creation.sh -c -r

I could not use the -f option since I did not have a file to use.

This ran in the script
/usr/bin/namconfig -k
from what I can tell

It then restarted a number of services.
I checked ConsoleOne; no SSL CertificateDNS or SSL CertificateIP showed up.
I rebooted.
I checked ConsoleOne; no SSL CertificateDNS or SSL CertificateIP showed up.

I reran the following like I did before a number of times just to see what would happen:
ndsconfig upgrade

This time it worked.

ConsoleOne had a new SSL CertificateDNS and SSL CertificateIP.
and I can log into the console again.
Great.

Possible fixes to the solution that I can see.
1.  Login problem fixed
2.  Namconfig fixed something
3.  Restarting the services fixed the problem
4.  Rebooting
5.  Some combination of these

Thanks for your help.