"SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message - SSL alert number 10" running tckeygen

  • 3006498
  • 04-Apr-2008
  • 26-Apr-2012

Environment

Novell NetWare 6.5 Support Pack 6
Novell eDirectory 8.7.3.9 for NetWare 6.5
Novell Modular Authentication Service (NMAS) version 3.2.0
Novell Certificate Server (PKIS) 3.3
NTLS 2.0.2
Novell iManager 2.6

Situation

A new Certificate Authority (CA) was created. The .keystore is invalid and needs to be recreated.

Running tckeygen to create the .keystore for Tomcat fails with the error "SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message - SSL alert number 10".

The LDAP trace shows the following:
LDAP: [2007/10/08 12:53:20] DoTLSHandshake on connection 0x8fbde0e0
LDAP: [2007/10/08 12:53:20] TLS accept failure 1 on connection 0x8fbde0e0, setting err = -5875. Error stack: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message - SSL alert number 10
LDAP: [2007/10/08 12:53:20] TLS handshake failed on connection 0x8fbde0e0, err = -5875
LDAP: [2007/10/08 12:53:20] BIO ctrl called with unknown cmd 7
LDAP: [2007/10/08 12:53:20] Server closing connection 0x8fbde0e0, socket error = -5875
LDAP: [2007/10/08 12:53:20] Connection 0x8fbde0e0 closed


Note: Secure LDAP works and TLS is not required for simple passwords.
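
Added example (not part of the original Novell document): a short Python decoder for the error stack in the trace above. It assumes the stack uses the classic pre-3.0 OpenSSL packed error layout, which the "error:140943F2" string format suggests; the function names and the alert table subset are illustrative. In that layout an SSL-library reason above 1000 records a TLS alert received from the peer, so the LDAP server is logging alert 10 sent by the client side of the handshake.

```python
import re

# Constructed sample: the relevant trace lines quoted in this article.
TRACE = """\
LDAP: [2007/10/08 12:53:20] DoTLSHandshake on connection 0x8fbde0e0
LDAP: [2007/10/08 12:53:20] TLS accept failure 1 on connection 0x8fbde0e0, setting err = -5875. Error stack: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message - SSL alert number 10
LDAP: [2007/10/08 12:53:20] TLS handshake failed on connection 0x8fbde0e0, err = -5875
"""

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
ALERTS = {10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca"}
ERR_LIB_SSL = 20             # OpenSSL library number for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # reason = offset + alert number for received alerts

ERR_RE = re.compile(r"connection (0x[0-9a-f]+).*?error:([0-9A-Fa-f]{8}):")

def decode_openssl_error(code):
    """Unpack an error code, assuming the pre-3.0 OpenSSL layout:
    8 bits library, 12 bits function, 12 bits reason."""
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET  # alert received from the peer
    name = ALERTS.get(alert, "unknown") if alert is not None else None
    return {"lib": lib, "func": func, "reason": reason,
            "peer_alert": alert, "alert_name": name}

def tls_failures(trace):
    """Return one decoded record per trace line carrying an OpenSSL error code."""
    records = []
    for line in trace.splitlines():
        m = ERR_RE.search(line)
        if m:
            rec = decode_openssl_error(int(m.group(2), 16))
            rec["connection"] = m.group(1)
            records.append(rec)
    return records

if __name__ == "__main__":
    for rec in tls_failures(TRACE):
        print(rec)
```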

Resolution

The issue appears to be with tckeygen and Tomcat.

The current workaround is to use another server as the iManager server or re-install iManager and Tomcat.

Status

Reported to Engineering