Invalid credentials log in thru mobile apps

  • 7017025
  • 30-Nov-2015
  • 30-Nov-2015

Environment

Novell iPrint Appliance 1.1 Patch 3 (version .418)

Situation

When trying to log in thru mobile apps, an "invalid credentials" error is
shown, even if the credentials are correct.

Also when accessing the renderer page on the MC console on the Appliance, there were no renderers listed, even
internal and external (windows) renderer are configured and working.

Resolution

Customer is using a wildcard VeriSign certificate

Configuration:

Appliance internal name: 1.domain.intern
Appliance external name: 2.domain.com
SSL Certificate: *.domain.com from VeriSign

Solution was:
1. Adjust the /etc/hosts to have domain name for external access first:

<ip> 2.domain.com  1.domain.intern

This first entry needs to match the SSL certificate name otherwise the error is present

2. Add public key of Server-Certificate, Intermediate CA and Root CA
from VeriSign as trusted to the Web certificate store.

See additional note to see how to generate the correct pfx/p12 file

Cause

If the first entry on the /etc/hosts file does not match the SSL certificate name, connection is rejected as untrusted as the appliance only check first entry on the hosts name to validate the SSL certificate name.
The wrong configuration giving the error was:

/etc/hosts/

<ip> 1.domain.intern  2.domain.com

Additional Information

How we created the PFX from a wildcard VeriSign certificate to import it into the appliance:

Command:

#openssl pkcs12 -export -out wildcard5.pfx -inkey 4-wildcard-key.pem -in 3-ssl_certificate.crt -certfile 2a-IntermediateCA-RootCA.crt

- 4-wildcard-key.pem = privat Server Key
- 3-ssl_certificate.crt = public Server Certificate
- 2a-IntermediateCA-RootCA.crt = public key of both CAs (first the
intermediate, second the root certificate)