Possible iFolder Certificate Issue after Upgrading Server to OES 11

  • Document ID:7010159
  • Creation Date:14-Feb-2012
  • Modified Date:27-Apr-2012
    • Micro Focus Products:
      iFolder
      Open Enterprise Server

Environment

Novell iFolder
Novell Open Enterprise Server 11 (OES 11) Linux

Situation

After upgrading to OES11 from OES2SP3, iFolder client no longer connects to server.  
 
Error on attempt to login into the admin web console: Failed to authenticate, Problem with Ldap or iFolder Server Certificate.

Resolution

This is a defect and has been reported to engineering.
  
Currently the work around is check the mono keystore and verify if one certificate needs to be uninstalled and reinstalled, or, if the entire mono keystore needs to be rebuilt:
 
Analyze the output of: certmgr -list -c -m Trust
 
If, a list of certificates is returned, verify the certificate data for the LDAP server, and confirm the certificate has NOT expired.  If the certificate is not longer valid, it may be possible to resolve this problem by following the steps outlined in TID 3248305  which are summarized here:
  1. certmgr -del -c -m Trust <the unique hash value of the cert to delete>
  2. rcapache2 stop
  3. certmgr -ssl ldaps://0.0.0.0:636 -c -m Trust  (Note: the IP address of 0.0.0.0 may be replaced with the IP address of the correct LDAP server where appropriate)
  4. rcapache2 start
 If instead of a list of certificates, mono returns an unhandled exception, the problem may be resolved by following the steps outlined in TID 3646970.  The are summarized here:
  1. rcapache2 stop
  2. Move the content of the following directories to a temporary location, and make sure that the following directories are empty (note this is to make a backup of the files contained here in case these steps to not resolve the problem)
    /root/.config/.mono/certs/AddressBook/
    /root/.config/.mono/certs/Trust/
    /usr/share/.mono/certs/Trust/
    /var/lib/wwwrun/.config/.mono/certs/Trust/
  3. Reimport the certificates:
    certmgr -ssl ldaps://<IP address of LDAP server>:636 -c -m Trust
    certmgr -https://<IP address of Apache server>:443 -c -m Trust
  4. Check the certificates
    certmgr -list -c -m Trust
  5. rcapache2 start

Note, these summaries provide the basic steps, further information may found in the Tids linked to this docuemtn.