SSLVPN Servlet installed with Acces Gateway Appliance ISO does not start due to missing keystore

  • 7012415
  • 14-May-2013
  • 14-May-2013

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 3.2.1
NetIQ Access Manager 3.2.1IR1a
NetIQ Access Manager Gateway Appliance

Situation

  • SSLVPN server has been installed in combination with the Access Gateway Appliance

  • SSLVPN server Servlet does not start

  • The "/var/opt/novell/nam/logs/sslvpn/tomcat/catalina.out" returns:

    "The keystore keystoreFile="/opt/novell/devman/jcc/certs/nam/nam.keystore"
    defined in "/opt/novell/nam/sslvpn/conf/server.xml does not exist."

Resolution

  1. stop your SSLVPN server
  2. backup your existing "/opt/novell/nam/sslvpn/conf/server.xml"
  3. edit the "/opt/novell/nam/sslvpn/conf/server.xml" and change the connector in order to disble SSL

    <Connector NIDP_Name="connector" address="A.B.C.D" port="3080"maxThreads="200" minSpareThreads="5" enableLookups="false" acceptCount="100"scheme="http" secure="false" disableUploadTimeout="true" URIEncoding="utf-8" clientAuth="false"SSLEnabled="false">
    </Connector>


  4. start you sslvpn service
  5. check the "/var/opt/novell/nam/logs/sslvpn/tomcat/catalina.out"
  6. The SSLVPN servlet  servlet should listen now on port 3080 without SSL
    (use netstat -patune | grep :3080 to confirm)

Cause

  • The server.xml which has been generated using the installation process is corrupt
  • This issue has been addressed to engineering

Feedback service temporarily unavailable. For content questions or problems, please contact Support.