Environment
Novell ZENworks Linux Management 7.3
Situation
The object store / embedded eDirectory certificate authority was recreated because it was no longer possible to issue new server certificates.
A Primary server or Secondary server LDAP server certificate is outdated and needs to be recreated.
Error message in the tomcat log file under /var/opt/novell/log/zenworks/tomcat after assigning a newly created server certificate to the respective LDAP server object:
"... No trusted certificate found ..."
Resolution
Recreate the /opt/novell/zenworks/datamodel/share/ldap-certs keystore file with the new certificate authority certificate:
- Run the openssl s_client -connect localhost:10636 -showcerts -keyform DER command
- From the screen output, copy the second displayed certificate into a file called ca.b64 located in a temp folder, including the "...--BEGIN CERTIFICATE--..." and "...--END CERTIFICATE--..." lines
- Run the command /opt/novell/eDirectory/lib64/nds-modules/embox/jre/bin/keytool -import -file ca.b64 -alias 127.0.0.1 -keystore ldap-certs to create a new keystore in the temp location.
- When prompted for the keystore password, use the contents of the /etc/opt/novell/zenworks/serversecret file
- Make a backup copy of the /opt/novell/zenworks/datamodel/share/ldap-certs file
- Overwrite the existing ldap-certs file with the newly created file
- Restart the ZLM service with the command zlm-config --restart
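The steps above as a single script, added here as an example and not part of the TID. It assumes, as the TID does, that the CA certificate is the second block printed by openssl s_client for localhost:10636 and that the keystore password is the content of /etc/opt/novell/zenworks/serversecret; the self-signed check before importing is an added sanity check, and the sample s_client output is constructed for offline testing.

```shell
# Added example (not from the TID); assumes the CA is the 2nd cert s_client shows.
KEYTOOL=/opt/novell/eDirectory/lib64/nds-modules/embox/jre/bin/keytool
KEYSTORE=/opt/novell/zenworks/datamodel/share/ldap-certs
SECRET_FILE=/etc/opt/novell/zenworks/serversecret

# extract_cert N: print only the N-th PEM block (1-based) from s_client output on stdin
extract_cert() {
    awk -v want="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = (n == want) }
        inside { print }
        /-----END CERTIFICATE-----/  { inside = 0 }
    '
}

# Constructed s_client-style output for offline testing; PEM bodies are placeholders.
sample_s_client_output() {
    cat <<'EOF'
Certificate chain
 0 s:/O=Constructed/CN=zlm-server
   i:/O=Constructed/CN=zlm-ca
-----BEGIN CERTIFICATE-----
CONSTRUCTED-SERVER-BODY
-----END CERTIFICATE-----
 1 s:/O=Constructed/CN=zlm-ca
   i:/O=Constructed/CN=zlm-ca
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CA-BODY
-----END CERTIFICATE-----
EOF
}

# rebuild_keystore: fetch the CA from the live LDAPS port, refuse anything that is
# not self-signed, build a fresh keystore in a temp dir, back up and replace the old one.
rebuild_keystore() {
    tmp=$(mktemp -d) || return 1
    openssl s_client -connect localhost:10636 -showcerts </dev/null 2>/dev/null \
        | extract_cert 2 > "$tmp/ca.b64"
    [ -s "$tmp/ca.b64" ] || { echo "no CA certificate extracted" >&2; return 1; }
    subj=$(openssl x509 -in "$tmp/ca.b64" -noout -subject | sed 's/^subject=//')
    iss=$(openssl x509 -in "$tmp/ca.b64" -noout -issuer | sed 's/^issuer=//')
    [ "$subj" = "$iss" ] || { echo "second certificate is not a self-signed CA" >&2; return 1; }
    "$KEYTOOL" -import -noprompt -file "$tmp/ca.b64" -alias 127.0.0.1 \
        -keystore "$tmp/ldap-certs" -storepass "$(cat "$SECRET_FILE")" || return 1
    cp -p "$KEYSTORE" "$KEYSTORE.bak.$(date +%Y%m%d%H%M%S)" && cp "$tmp/ldap-certs" "$KEYSTORE"
}
# After rebuild_keystore succeeds: zlm-config --restart
```

Run rebuild_keystore as root on the affected server; if the extracted certificate is not self-signed the script stops before touching the keystore, which usually means the chain order differs from what the TID describes.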
Additional Information
The ldap-certs keystore file is created with the embedded eDirectory certificate authority certificate during the ZENworks Linux Management install. To make ZLM trust a newly created CA, the keystore needs to be updated or recreated with the new CA's certificate.