NetStorage options in iManager are empty pages

  • 7004496
  • 22-Sep-2009
  • 08-Aug-2016

Environment

Novell iManager 2.7
Novell iManager 2.6
Novell NetStorage

Situation

When attempting to manage NetStorage via the iManager plugin, the right-hand pages where the configuration options would normally appear are blank.  This is caused by a bug in cookie management and results in the following Java exception in the catalina.out file:
 
java.io.IOException: Server returned HTTP response code: 401 for URL: https://10.0.0.1/oneNet/nsadmin?label=[mapdav]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1179)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
at com.ibm.net.ssl.www2.protocol.https.a.getResponseCode(a.java:9)
at com.novell.emframe.netstorage.NetStorage.authenticate(NetStorage.java:1777)
at com.novell.emframe.netstorage.NetStorage.getXML(NetStorage.java:1664)
at com.novell.emframe.netstorage.NetStorage.getXML(NetStorage.java:1646)
at com.novell.emframe.netstorage.NetStorage.getNetWareMainPageData(NetStorage.java:507)
at com.novell.emframe.netstorage.NetStorage.execute(NetStorage.java:265)
at com.novell.emframe.dev.Task.execute(Task.java:505)

Resolution

Back up and edit the following file on the iManager server:  /var/opt/novell/tomcat5/webapps/nps/WEB-INF/config.xml
Add the following configuration parameters at the end of the file, inserting the server name or IP address of the NetStorage server:
 
<setting>
<name><![CDATA[NetStorageServer]]></name>
<value><![CDATA[servername or IP address]]></value>
</setting>

<setting>
<name><![CDATA[NetStorageServerProtocol]]></name>
<value><![CDATA[http]]></value>
</setting>
 
Now restart Apache and Tomcat:
rcapache2 restart
/etc/init.d/novell-tomcat5 stop
/etc/init.d/novell-tomcat5 start

OES 2015
If the NetStorage plugins for iManager are not working on OES 2015, work through TID 3374174 before attempting to reinstall the iManager plugins.

Additional Information

This can also happen when the certificate used by the Apache server running NetStorage does not exist in the Java keystore.  The NetStorage plugin uses the SSL protocol to communicate with the NetStorage server.  For this connection to work, the certificate used by the Apache server running NetStorage must be imported into the iManager server's Java keystore.
 
If this cert is missing, the following exception will be in the Tomcat catalina.out file:
 
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
 java.security.cert.CertPathValidatorException: The certificate issued by "certificate authority" is not trusted; internal cause is:
 java.security.cert.CertPathValidatorException: Certificate chaining error
 
To import the certificates, follow these steps:
 
1.  Export the trusted root and server certificate from eDirectory in DER format.  If you are using third-party certificates, make sure you have all certificates in the certificate chain, as you will need to import the entire chain.  If you do not have these certificates in DER format, use openssl to convert them.
 
2.  Copy these certificate files to the server where iManager is running.
 
3.  Use the Java keytool to import these certificates into the Java keystore used by Tomcat.  (On an OES2 server the keystore is at /var/opt/novell/tomcat5/conf/cacerts.  On most other Linux servers it is at $JAVA_HOME/jre/lib/security/cacerts.)
    keytool -import -alias alias_name -file /trustedrootcert.der -keystore /var/opt/novell/tomcat5/conf/cacerts
    Specify "changeit" or "novell" as the keystore password and then type "yes" to trust the certificate.  If everything goes well, you will see the message "Certificate added to keystore" indicating success.
 
4.  Repeat this process for each certificate in the certificate chain.
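
The import steps above as a script, added here as an example and not part of the original TID: it splits a PEM chain file into individual certificates, converts each to DER with openssl, prints its SHA-256 fingerprint for comparison before trusting it, and imports it with keytool. The function names, the chain file argument and the alias prefix are assumptions; the default keystore path is the OES2 path from step 3.

```shell
#!/bin/sh
# Added example: import each certificate of a PEM chain into the Tomcat keystore.
# KEYSTORE defaults to the OES2 path from step 3; override it for other servers.
KEYSTORE="${KEYSTORE:-/var/opt/novell/tomcat5/conf/cacerts}"

# Split a PEM bundle into <outdir>/cert-1.pem, cert-2.pem, ... and print the
# number of certificates found. Text outside the BEGIN/END markers is ignored.
split_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }
    ' "$1"
}

# Convert one PEM certificate to DER (step 1) and show its subject and SHA-256
# fingerprint so the operator can check it before answering "yes" to keytool.
pem_to_der() {
    openssl x509 -in "$1" -inform PEM -outform DER -out "$2" &&
    openssl x509 -in "$1" -noout -subject -fingerprint -sha256
}

# Import one DER certificate (step 3). keytool prompts for the keystore
# password and for the "yes" confirmation, as described in the TID.
import_cert() {
    keytool -import -alias "$2" -file "$1" -keystore "$KEYSTORE"
}

# Steps 1, 3 and 4 for a whole chain. $1 = PEM chain file, $2 = alias prefix
# (both are hypothetical operator-supplied arguments).
import_chain() {
    work=$(mktemp -d) || return 1
    count=$(split_chain "$1" "$work")
    [ "${count:-0}" -gt 0 ] || {
        echo "no certificates found in $1" >&2; rm -rf "$work"; return 1
    }
    i=1
    while [ "$i" -le "$count" ]; do
        pem_to_der "$work/cert-$i.pem" "$work/cert-$i.der" &&
        import_cert "$work/cert-$i.der" "$2-$i" || { rm -rf "$work"; return 1; }
        i=$((i + 1))
    done
    rm -rf "$work"
}

if [ "$#" -eq 2 ]; then import_chain "$1" "$2"; fi
```

Run it on the iManager server with the chain file and an alias prefix as its two arguments, then restart Apache and Tomcat as described next.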
 
Now restart Apache and Tomcat:
rcapache2 restart
/etc/init.d/novell-tomcat5 stop
/etc/init.d/novell-tomcat5 start
 
