SSL handshake fails with error "unable to get local issuer certificate"

  • 7000529
  • 30-May-2008
  • 26-Apr-2012

Environment

Novell Identity Manager Driver - eDirectory (all versions)

Situation

After manually creating certificates for the eDirectory to eDirectory driver, as explained in TID 3578820 - Manually Creating NDS-to-NDS eDirectory Driver Certificates with ConsoleOne, the following error messages are seen in DSTrace:

Subscriber side:
java.io.IOException: SSL handshake failed, X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate

Publisher side:
java.io.IOException: SSL handshake failed, SSL_ERROR_ZERO_RETURN, error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Resolution

At step 20 of KB 3578820 ("Enter the filename of the Trusted Root certificate you exported from the first tree, then click Next."), import the Self Signed Certificate you exported from the first tree.

Additional Information

Root Cause

At step 20 of KB 3578820 ("Enter the filename of the Trusted Root certificate you exported from the first tree, then click Next."), the Public Key Certificate was imported instead of the Self Signed Certificate.
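A pre-import check for the file used at step 20, as an added example that is not part of the original TID: it confirms that an exported certificate is self-signed and that it validates the other tree's certificate. It assumes the OpenSSL command-line tool is available and that the Public Key Certificate is issued by another certificate rather than self-signed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the TID). Function names are hypothetical.

# to_pem IN OUT: normalise a Base64/PEM or DER export to PEM.
to_pem() {
    openssl x509 -in "$1" -inform PEM -out "$2" 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -out "$2" 2>/dev/null
}

# is_trust_anchor FILE
# 0 = self-signed (usable as a Trusted Root), 1 = issued by another
# certificate, 2 = not a readable certificate.
is_trust_anchor() {
    ta_pem=$(mktemp) || return 2
    if ! to_pem "$1" "$ta_pem"; then rm -f "$ta_pem"; return 2; fi
    ta_rc=1
    # Subject and issuer names match, and the signature verifies
    # under the certificate's own public key.
    if [ "$(openssl x509 -in "$ta_pem" -noout -subject_hash)" = \
         "$(openssl x509 -in "$ta_pem" -noout -issuer_hash)" ] &&
       openssl verify -CAfile "$ta_pem" "$ta_pem" >/dev/null 2>&1; then
        ta_rc=0
    fi
    rm -f "$ta_pem"
    return $ta_rc
}

# validates_peer ROOT PEER
# 0 = PEER chains to ROOT, 1 = it does not (the offline equivalent of
# "unable to get local issuer certificate"), 2 = unreadable input.
validates_peer() {
    vp_root=$(mktemp) || return 2
    vp_peer=$(mktemp) || { rm -f "$vp_root"; return 2; }
    vp_rc=2
    if to_pem "$1" "$vp_root" && to_pem "$2" "$vp_peer"; then
        vp_rc=1
        openssl verify -CAfile "$vp_root" "$vp_peer" >/dev/null 2>&1 && vp_rc=0
    fi
    rm -f "$vp_root" "$vp_peer"
    return $vp_rc
}
```

A file for which `is_trust_anchor` returns 1 reproduces the root cause described above if it is imported as the Trusted Root.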