Solved

How do I recreate the SSL Certificates on a Novell OES Suse Linux Server?

Posted on 2008-10-16
Last Modified: 2013-12-24
This has happened before to my Linux system, but I cannot remember the solution.
It starts on the main console login to the server.
In the left panel, a list of users is normally displayed, but now they are missing.
I cannot log in to the server using any user name except root.
I can use the server from any XP client, so the file sharing is still working.

If I use Internet Explorer and go to https://xx.xx.xx.xx:636 on a server that works, I get:
"The security certificate date is valid"
If I do the same on the broken server, I get:
"The security certificate has expired or is not yet valid."

I think the solution had something to do with deleting the SSL Certificates in ConsoleOne and recreating them. (Possibly deleting LDAP in ConsoleOne also.)

I tried the procedure from
http://wiki.novell.com/index.php/Linux_pkidiag_process
to recreate the certificates.
When I enter
ndsconfig upgrade
I get an error:

Configuring Novell eDirectory server with the following parameters
  Admin name = admin
  dbdir path = /var/nds/dib
Name resolution failed: Error = -601
Checking the status of LDAP services...
Novell eDirectory LDAP Server TCP port is listening.
Novell edirectory LDAP server TLS is listening.

Any idea of how to get rid of this error and fix the certificate?
Question by:mjkdhb

Expert Comment

by:Paranormastic
ID: 22733711
Double check your time, date and make sure it is correct.

Verify that the cert is actually still in its valid time period (I'm guessing it is, as otherwise it would probably report an expired message instead).  Was this a newly issued cert?

This is probably it:
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7000444&sliceId=1&docTypeID=DT_TID_1_1

Are you using Java?
http://java.com/en/download/help/cacerts.xml

Expert Comment

by:Paranormastic
ID: 22733731
Sorry on the java reference... got a little carried away on the error, wasn't thinking ldap!

Author Comment

by:mjkdhb
ID: 22735114
Thanks for your response.

I never installed a certificate on the server.  iManager comes up with a message box complaining about the certificate, but I just press OK and it works fine.

Somehow LDAP and the certificate (the default one installed during server setup) got corrupted, which prevents me from logging into the server.


Just to add: in the /var/log/messages file I am getting messages like:
smbd[4090]: nds_nss_GetGroupsbyMember: failed to init socket, status=0
smbd[4090] [date] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
smbd[4090]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: NDS error: no additional information available (-306) (Invalid syntax)

Thanks

Expert Comment

by:Paranormastic
ID: 22735533

Author Comment

by:mjkdhb
ID: 22745096
Thanks
In step 6.b it asks to select the certificate.
I removed the certificate in order to fix the problem. So I cannot select the certificate.
6.c indicates if there is a problem you can regenerate it.  That is what I am trying to do.
How do I regenerate it?

Assisted Solution

by:Paranormastic
ID: 22771690
Since you are not worried about keeping any of the previous keysets as the associated cert is gone, make sure you do the previous steps, but then skip over #6, so go from #5 to #7.

Accepted Solution

by:mjkdhb
ID: 22777260
From Step #7 I ran this:
./certificate-creation.sh -c -r

I could not use the -f option since I did not have a file to use.

This ran in the script
/usr/bin/namconfig -k
from what I can tell

It then restarted a number of services
I checked ConsoleOne. No SSL CertificateDNS or SSL CertificateIP showed up.
I rebooted.
I checked ConsoleOne. No SSL CertificateDNS or SSL CertificateIP showed up.

I reran the following like I did before a number of times just to see what would happen:
ndsconfig upgrade

This time it worked.

ConsoleOne had a new SSL CertificateDNS and SSL CertificateIP.
and I can log into the console again.
Great.

Possible fixes to the solution that I can see.
1.  login problem fixed
2.  Namconfig fixed something
3.  Restarting the services fixed the problem
4.  Rebooting
5.  Some combination of these

Thanks for your help.
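
To tell from the shell which of the two cases the browser message in the question means, and to confirm that a regenerated certificate on port 636 is inside its validity window, a check along these lines can be used. It is an added example, not part of the original thread; the function names are illustrative, the address in the usage comment is a placeholder, and GNU date and the openssl command-line tool are assumed.

```shell
#!/bin/sh
# Added example: classify the validity window of the certificate that an
# LDAPS listener presents, using the server's own clock as the reference.

# Convert an openssl-style date ("Oct 16 12:00:00 2008 GMT") to epoch seconds.
to_epoch() { date -u -d "$1" +%s; }   # GNU date syntax (assumption)

# cert_window_status NOT_BEFORE NOT_AFTER [NOW_EPOCH]
# Prints one of: valid | not-yet-valid | expired
cert_window_status() {
    local nb na now
    nb=$(to_epoch "$1") || return 2
    na=$(to_epoch "$2") || return 2
    now=${3:-$(date -u +%s)}
    if   [ "$now" -lt "$nb" ]; then echo "not-yet-valid"   # clock behind, or cert dated ahead
    elif [ "$now" -gt "$na" ]; then echo "expired"
    else echo "valid"
    fi
}

# days_left NOT_AFTER [NOW_EPOCH]: whole days until expiry (negative once past)
days_left() {
    local na now
    na=$(to_epoch "$1") || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (na - now) / 86400 ))
}

# check_ldaps HOST [PORT]: fetch the served certificate and report on it.
check_ldaps() {
    local host port dates nb na
    host=$1; port=${2:-636}
    dates=$(openssl s_client -connect "$host:$port" </dev/null 2>/dev/null |
            openssl x509 -noout -subject -dates) || {
        echo "no certificate received from $host:$port" >&2; return 1; }
    nb=$(printf '%s\n' "$dates" | sed -n 's/^notBefore=//p')
    na=$(printf '%s\n' "$dates" | sed -n 's/^notAfter=//p')
    echo "server clock (UTC): $(date -u)"   # compare with a known-good time source
    printf '%s\n' "$dates"
    echo "status: $(cert_window_status "$nb" "$na"), days left: $(days_left "$na")"
}

# Usage (placeholder address): ./check_ldaps.sh 192.0.2.10 636
if [ $# -ge 1 ]; then check_ldaps "$@"; fi
```

A "not-yet-valid" result right after regenerating the certificate usually points at the system clock rather than at the certificate itself.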