Environment
Novell Access Manager 3.1
Novell Access Manager 3.1 Linux Access Gateway
Situation
- Linux Access Gateway (LAG) health status is "Server is not reporting"
- All Linux Access Gateway services (jcc, tomcat5, vmc) are up and running.
- The JCC service (Device Manager) running on the LAG logs the following error message ("/opt/novell/devman/jcc/logs/jcc-0.log.0"):
"Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate"
- The Access Manager Console server (AC) logs the error:
("/opt/volera/roma/logs/app_sc.0.log")
(D)2010-09-28T21:31:15Z(L)application.sc.config(T)13(C)com.volera.vcdn.application.sc.config.AGConfigWork(M)F(E)Error in sending the configuration settings to the device.<!-- y:2363 Error in sending request to Device.<!-- y:76 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found --> -->
at com.volera.vcdn.application.sc.config.ConfigWork.K(y:2363)
Resolution
Correct the NTP/time problems on the LAG device and run a re-import.
Additional Information
The LAG system time was set to the future (year 2030). This would invalidate all JCC certificates in use on the LAG. To address this, an automatic process runs to update the JCC certificates used for the mutual SSL authentication that protects the JCC communication channel (usually 15 days before the certificates expire). The Access Manager Console (AC) was set to the correct (current) time and therefore could not validate the certificate presented by the JCC service running on the LAG for SSL mutual authentication (because of the certificate's X.509v3 "valid from" attribute).
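The following diagnostic is an added example, not Novell's code: it evaluates a certificate's validity window from both clocks to show why the AC rejects a certificate the LAG considers current. The certificate dates (in the format printed by `openssl x509 -noout -dates`) and the exact LAG clock value are constructed assumptions; only the AC timestamp comes from the log line above.

```python
import re
import ssl
from datetime import datetime, timezone

# Constructed sample: `openssl x509 -noout -dates` output for a certificate
# renewed while the issuing host's clock read 2030 (dates are invented).
SAMPLE_DATES = """notBefore=Sep 13 21:31:15 2030 GMT
notAfter=Sep 12 21:31:15 2031 GMT"""

# Start of the AC log line quoted in the article (app_sc.0.log), truncated here.
SAMPLE_AC_LOG = ("(D)2010-09-28T21:31:15Z(L)application.sc.config(T)13"
                 "(C)com.volera.vcdn.application.sc.config.AGConfigWork(M)F(E)Error ...")

def _utc(epoch):
    return datetime.fromtimestamp(epoch, tz=timezone.utc)

def parse_validity(dates_text):
    """Return (notBefore, notAfter) as timezone-aware UTC datetimes."""
    fields = dict(l.strip().split("=", 1) for l in dates_text.splitlines() if "=" in l)
    return tuple(_utc(ssl.cert_time_to_seconds(fields[k]))
                 for k in ("notBefore", "notAfter"))

def log_time(line):
    """Extract the (D) timestamp the console wrote, i.e. the verifier's clock."""
    m = re.search(r"\(D\)(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)Z", line)
    if m is None:
        raise ValueError("no (D) timestamp in log line")
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def classify(not_before, not_after, now):
    """State of the validity window as seen by a host whose clock reads `now`."""
    if now < not_before:
        return "not_yet_valid"
    if now > not_after:
        return "expired"
    return "valid"

def diagnose(dates_text, verifier_now, peer_now):
    """Compare how the verifier (AC) and the peer (LAG) judge the same certificate."""
    nb, na = parse_validity(dates_text)
    return {"verifier": classify(nb, na, verifier_now),
            "peer": classify(nb, na, peer_now),
            "skew_days": (peer_now - verifier_now).days}

if __name__ == "__main__":
    lag_clock = datetime(2030, 9, 28, 21, 31, 15, tzinfo=timezone.utc)  # assumed value
    print(diagnose(SAMPLE_DATES, log_time(SAMPLE_AC_LOG), lag_clock))
```

A "not_yet_valid" result on the verifier combined with "valid" on the peer and a large skew points at the peer's clock rather than at the trust store.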