Environment
Open Enterprise Server Linux
iFolder 3.x
Apache
iFolder 3.x
Apache
Situation
symptoms:
1. iFolder 3 clients cannot login to the server, getting error: "An error was encountered while connecting to iFolder"
2. when connecting to iFolder 3 administration plugin in iManager getting this error:
"AxisFault faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode: faultString: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateExpiredException: NotAfter: Thu Dec 21
21:47:50 EST 2006 faultActor: faultNode: faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeExcept
ion: java.security.cert.CertificateExpiredException: NotAfter: Thu Dec
21 21:47:50 EST 2006 at
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) at..."
3. The certificate for the apache that runs iFolder 3 is expired. It needs to be renewed.
1. iFolder 3 clients cannot login to the server, getting error: "An error was encountered while connecting to iFolder"
2. when connecting to iFolder 3 administration plugin in iManager getting this error:
"AxisFault faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode: faultString: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateExpiredException: NotAfter: Thu Dec 21
21:47:50 EST 2006 faultActor: faultNode: faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeExcept
ion: java.security.cert.CertificateExpiredException: NotAfter: Thu Dec
21 21:47:50 EST 2006 at
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) at..."
3. The certificate for the apache that runs iFolder 3 is expired. It needs to be renewed.
Resolution
1. Before you renew the expired certificates on the apache that
runs ifolder 3, do this first! Back up this file
/var/lib/wwwrun/.local/share/simias/Simias.config
after we renew certificates, this file gets corrupted. The problem has been reported to engineering. Backing up the file is a temporary workaround.
2. Go to Yast -> security and users -> CA Management -> YaST_Default_CA -> Enter CA
3. You will need to provide a password that you setup your CA with, during the time it was created
4. Go to Certificates -> Add -> Add Server Certificate
5. Go through and fill out all the info for your new Certificate and create it.
6. Once the certificate has been created, click on it and go to Export -> Export as Common Server Certificate
7. The certificate will get exported to /etc/ssl/servercerts directory into servercert.pem and serverkey.pem files.
8. Check these directives in /etc/apache2/vhost.d/vhost-ssl.conf to make sure that they point to this location
SSLCertificateFile
SSLCertificateKeyFile
if these two directives point to a different location on your server, copy the exported certificate files from /etc/ssl/servercerts to the location that directives point to.
9. Restart apache by running "rcapache2 restart"
10. Copy Simias.config back to
/var/lib/wwwrun/.local/share/simias directory
11. Restart apache again.
12. At this point you should be able to connent to iFolder 3 with your clients and access your iFolder 3 administration page in iManager.
/var/lib/wwwrun/.local/share/simias/Simias.config
after we renew certificates, this file gets corrupted. The problem has been reported to engineering. Backing up the file is a temporary workaround.
2. Go to Yast -> security and users -> CA Management -> YaST_Default_CA -> Enter CA
3. You will need to provide a password that you setup your CA with, during the time it was created
4. Go to Certificates -> Add -> Add Server Certificate
5. Go through and fill out all the info for your new Certificate and create it.
6. Once the certificate has been created, click on it and go to Export -> Export as Common Server Certificate
7. The certificate will get exported to /etc/ssl/servercerts directory into servercert.pem and serverkey.pem files.
8. Check these directives in /etc/apache2/vhost.d/vhost-ssl.conf to make sure that they point to this location
SSLCertificateFile
SSLCertificateKeyFile
if these two directives point to a different location on your server, copy the exported certificate files from /etc/ssl/servercerts to the location that directives point to.
9. Restart apache by running "rcapache2 restart"
10. Copy Simias.config back to
/var/lib/wwwrun/.local/share/simias directory
11. Restart apache again.
12. At this point you should be able to connent to iFolder 3 with your clients and access your iFolder 3 administration page in iManager.
Additional Information
If you recreated the certificates before you backed up Simias.config, and it is no longer there, you may have to pull it up from a regular server backup.
If this is no longer an option you will have to reconfigure your ifolder.
If this is no longer an option you will have to reconfigure your ifolder.