Correcting Expired Certificates in the iFolder 3.x KeyStore

  • 3248305
  • 02-Jan-2007
  • 26-Apr-2012


Novell Open Enterprise Server (OES) Support Pack 1 Linux
iFolder 3.x


A certificate has been changed in eDirectory (or on the LDAP server), and iFolder 3.x has stopped functioning. The certificate is regenerated or repaired, but iFolder 3.x continues to be non-functional.


The certificate must be deleted and then repaired. This is done by :
  1. certmgr -list -c -m Trust
    This command gives a list of the current certificates listed. The certificate in question may still show up as a valid certificate. However, if it does not match the certificate on the LDAP server, the connection will fail.
  2. certmgr -del -c -m Trust {the unique hash value of the cert to delete}
    This command should be run with the unique hash value of the certificate from the previous step - and should refer to the server that had the certificate repair performed.
  3. /etc/init.d/apache2 stop
    This command stops apache and Simias services. If not performed, Simias (and Mono) will continue to recognize that the certificate is still in the keystore.
  4. certmgr -ssl ldaps:// -c -m Trust
    The above command will import the new certificate from the ldap server at the IP address of (change this to an appropriate IP address). When running this command, the prompt to import the certificate will occur at least twice. Answer yes to both times.
  5. /etc/init.d/apache2 start
    This command restarts the Apache, Mono, and Simias (iFolder 3.x) services, and should have the iFolder 3.x system operational.