Novell Tomcat on NetWare 4.0
Novell NetWare 6.5
The following error is encountered on the LOGGER screen after running TCKEYGEN:
Exporting the Host certificate from:localhost
Error importing certificate to keystore: sys:\adminsrv\conf\.keystore
com.novell.ecb.CommandException: peer not authenticated
at com.novell.ecb.security.RetrieveHostCertificates.retrieveHostCertificates(Unknown Source)
at com.novell.ecb.security.RetrieveHostCertificates.execute(Unknown Source)
This occurs because the LDAP server requires specific criteria to be met, and should be resolvable using the following process:
- Open the "LDAP Server - SERVERNAME" object using ConsoleOne.
- Click the "NDS Rights" tab (the sub tab should be "Trustees of this Object").
- Ensure that the NCP Server object is listed as a trustee. If not, add it.
- Select the NCP Server object in the trustee list and click "Assigned Rights".
- Ensure that "[All Attributes Rights]" is in the property list, and that the assigned rights are "Supervisor", "Compare", "Read", "Write", and "Add Self". In short, all rights should be given.
- Ensure that "[Entry Rights]" is in the property list, and that all assigned rights are given (e.g., "Supervisor", "Browse", "Create" (should be grayed out), "Rename", and "Delete" should all be checked).
- Click "OK".
- Click the "SSL/TLS Configuration" tab.
- Ensure that "Client Certificate" is set to "Not Requested" (or "Requested") and not "Required".
- Populate the SSL Certificate field with the server's "SSL CertificateDNS" (even if you're not requiring SSL).
- Apply the settings (you may want to unload and reload the NLDAP module to ensure that it has picked up the changes).
- Rerun the TCKEYGEN utility.
"Peer Not Authenticated" is an SSL error that occurs during the SSL handshake. If the certificate is valid and this error still occurs, it is typically because NLDAP's SSL handshake failed on a missing parameter, which may in turn result from insufficient rights to read the parameters. "Peer Not Authenticated" typically translates to "I could not validate a certificate due to either a missing certificate or an invalid certificate authority".
Added the step "Populate the SSL Certificate field with the server's "SSL CertificateDNS", (even if you're not requiring SSL)." per SR# 10497575951.