Environment
Novell iManager 2.5
Novell iManager 2.6
Novell NetStorage
Novell Open Enterprise Server (OES)
Situation
When you connect a browser to iManager you sometimes get
security warning pop up windows. Because of the SSL (https)
connection required, the browser shows you anything it finds
questionable about the certificate it gets back from the server.
You can examine the certificate in more detail, and then decide to
accept or reject the connection. You might be so used to clicking
off these pop up windows, that you don't specifically remember what
they say.
One of the things they typically say is that the certificate returned has a different name than the URL you connected to. This can happen if you connect using an IP address, and the certificate contains the DNS name (or the reverse
situation). Some of the iManager tasks require the plug-in to contact NetStorage. The plug-in uses the server name that the browser used to reach iManager and opens an internal https connection to NetStorage on the same box. If the SSL certificate does not contain a name that iManager can determine is indeed the same destination, then the https connection is aborted, and the plug-in is unable to process the request.
So the problem you see is expected behavior anytime there is a possible security violation. You are asking for admin information, and you may not be the admin, or you may be connecting to an impostor NetStorage. This problem usually occurs when the browser uses a different address than that on the SSL Certificate.
One of the things they typically say is that the certificate returned has a different name than the URL you connected to. This can happen if you connect using an IP address, and the certificate contains the DNS name (or the reverse
situation). Some of the iManager tasks require the plug-in to contact NetStorage. The plug-in uses the server name that the browser used to reach iManager and opens an internal https connection to NetStorage on the same box. If the SSL certificate does not contain a name that iManager can determine is indeed the same destination, then the https connection is aborted, and the plug-in is unable to process the request.
So the problem you see is expected behavior anytime there is a possible security violation. You are asking for admin information, and you may not be the admin, or you may be connecting to an impostor NetStorage. This problem usually occurs when the browser uses a different address than that on the SSL Certificate.
Resolution
If the server (on which iManager is running) cannot
resolve the servers name to an IP address, then that
would be one reason for the error. More likely, iManager does not
like the SSL Certificate that comes back. The most likely reason
for that is that the name on the certificate does not match the
name on the URL. We cannot use any internal pop-ups like
browsers do, so any problem with the SSL Certificate results in
failure to connect. The plug-in doesn't know why it failed, but
knows that it did fail and returns the generic "Service not
available. Possible cause: Unauthorized" message to the
browser.
If you want to use a DNS name to access iManager and perform NetStorage tasks, then you must create the server's SSL Certificate with the full DNS name of the server, and use that full DNS name in your browser. The full DNS name would be something like"oes.lab.novell.com", not the short name "oes". Remember that the browser and the iManager server may use different DNS servers to resolve names. The browser may successfully resolve a short name (oes) to the correct IP address while the server cannot. If the name used in the URL to access iManager cannot be resolved from the server, access will fail.
If you want to use a DNS name to access iManager and perform NetStorage tasks, then you must create the server's SSL Certificate with the full DNS name of the server, and use that full DNS name in your browser. The full DNS name would be something like"oes.lab.novell.com", not the short name "oes". Remember that the browser and the iManager server may use different DNS servers to resolve names. The browser may successfully resolve a short name (oes) to the correct IP address while the server cannot. If the name used in the URL to access iManager cannot be resolved from the server, access will fail.