GroupWise Messenger SSL not working

  • 7014943
  • 21-Apr-2014
  • 11-Jun-2014

Environment

Novell GroupWise Messenger 2

Situation

SSL for GroupWise Messenger not working

Resolution

Here is a list of troubleshooting steps that can be taken to determine if SSL is correctly configured on GroupWise Messenger.
 
  1. First step to do is temporarily disable SSL authentication in the messenger startup file to verify Messenger agent can start and authenticate without SSL over port 389
  2. The default location for this is under /etc/opt/novell/messenger.  Open and modify the strtup.ma file
  3. Search for the switch --ldapport=636 and change it to --ldapport=389
  4. Restart Messenger agent with ./novell-nmma restart to see if it's able to authenticate, if so, this tells there is either an issue with LDAP listening over this port or bad certificates
  5. Next type ldapsearch -x -H ldaps://<ipaddress> into the terminal to see if ldap is listening over port 636.  Type the ldapserver IP in place of <ipaddress>
  6. If the console starts getting flooded with text, then ldap is reading over port 636.  Type ctrl+c to exit the ldapsearch. If ldap is not reading over 636, it's generally an issue with certificates either being bad, expired, or they've been replaced but not updated in the opt/novell/messenger/certs folder
  7. Verify the certicates for this ldapserver are valid and not expired
  8. If they're good, try exporting the certificate and copying to /opt/novell/messenger/certs
  9. Try another ldapsearch -x -H ldaps://<ipaddress>
    If getting a flood of text, it tells us ldap is able to read over secure port 636.  Press ctrl+c to exit the ldapsearch
  10. Make sure to change the ldap port back to 636 in the strtup.ma file
  11. Restart Messenger
 

Cause

Usually the certificate is either bad/expired or has been updated but not exported and copied over tot he /opt/novell/messenger/certs location.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.