Environment
Novell Certificate Server (PKIS) 3.1.1
Novell Certificate Server (PKIS) 2.79
Novell eDirectory 8.7.3.8 for All Platforms
Situation
The Softerra 2.x browser is unable to connect to eDirectory's LDAP
services over a secure connection.
Attempts to connect result in "[Error 91]: Can't connect to the LDAP server".
Resolution
Softerra's 2.x LDAP browser uses the cert7.db certificate store
format. Attempts to import and export the certificate using
Microsoft's Internet Explorer or Firefox fail because these browsers use
a cert8.db store format. The legacy Netscape browser must be
used to perform the import, as it uses the cert7.db format.
Below are the steps involved:
1. Download and install the 4.x Netscape browser. This can be found at:
http://browser.netscape.com/ns8/download/archive47x.jsp
2. Run the browser and connect to the secure LDAP port of your server.
Example: https://myserver:636
3. A certificate acceptance prompt is displayed. Follow the instructions provided in the dialogs to accept the certificate for this and future sessions. This imports the public key of the LDAP server into the Netscape browser's cert7 certificate store.
4. Close the browser. Copy the Netscape cert7.db and key3.db files to the Softerra program directory. The default locations are:
c:\Program Files\Netscape\Users\default
c:\Program Files\Softerra\LDAP Browser 2.6
5. Start the Softerra LDAP browser.
6. Open the server profile setup and make the following changes:
Ensure the correct LDAP secure port is shown in the General tab, then press Apply.
Make sure the "Try to use SSL" checkbox is enabled in the LDAP settings dialog, then press OK.
LDAP SSL connections should now be successful.
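
Step 3 accepts whatever certificate the server presents on first contact, so compare its fingerprint with one obtained out of band (for example from the eDirectory administrator) before accepting it. The Python script below is an added example, not part of the original document; it prints the fingerprints of the certificate presented on port 636 and checks them against the expected value. Assumptions: the local Python build can negotiate an SSL/TLS version with the server, and SAMPLE_DER is constructed placeholder data.

```python
import hashlib
import hmac
import ssl

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def normalize(fp):
    """Reduce a fingerprint to bare lower-case hex so display styles compare equal."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


def fingerprints(pem):
    """Return SHA-1 and SHA-256 fingerprints of a PEM certificate as AA:BB:... strings."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    out = {}
    for name in ("sha1", "sha256"):
        digest = hashlib.new(name, der).hexdigest().upper()
        out[name] = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return out


def matches(pem, expected):
    """True if `expected` (obtained out of band) equals one of the fingerprints."""
    want = normalize(expected)
    if len(want) not in (40, 64):  # reject truncated or mistyped values
        return False
    return any(hmac.compare_digest(want, normalize(v))
               for v in fingerprints(pem).values())


def fetch_pem(host, port=636):
    """Fetch the certificate the LDAPS listener presents, without trusting it."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    import sys
    # Usage: python check_ldaps_cert.py myserver <expected fingerprint>
    host, expected = sys.argv[1], sys.argv[2]
    pem = fetch_pem(host)
    for name, value in fingerprints(pem).items():
        print(f"{name}: {value}")
    print("MATCH" if matches(pem, expected)
          else "MISMATCH: do not accept this certificate")
```
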