Environment
Open Enterprise Server 2018 (OES 2018) Linux
Open Enterprise Server 2015 (OES 2015) Linux Support Pack 1
Open Enterprise Server 2015 (OES 2015) Linux
Situation
Context list is empty when browsing for eDirectory context in NURM
Resolution
In order to browse for the eDirectory context in NURM, the edir_root_ca cert must exist in the /etc/alternatives/jre/lib/security/cacerts certificate store and contain a valid eDir CA cert. Follow this process to create the needed CA cert:
Verify CA Certificate
- Run this command to make sure the CA has not expired:
- openssl x509 -in /etc/opt/novell/certs/SSCert.der -inform der -noout -text |grep "Not After"
- If the CA has expired, you will need to recreate the CA in iManager and export it to the server using this document: https://www.novell.com/communities/coolsolutions/cool_tools/certificate-recreation-script-oes1-and-oes2/
Remove any existing edir_root_ca
Run these commands to remove any existing edir_root_ca certs from the stores:
OES2018:
- ST="-keystore /etc/alternatives/jre/lib/security/cacerts -storepass changeit"; keytool $ST -list |grep edir |cut -d\, -f1 |while read EC; do echo $EC; keytool $ST -delete -alias $EC; done
- ST="-keystore /var/opt/novell/tomcat/conf/cacerts -storepass changeit"; keytool $ST -list |grep edir |cut -d\, -f1 |while read EC; do echo $EC; keytool $ST -delete -alias $EC; done
OES2015:
- ST="-keystore /etc/alternatives/jre/lib/security/cacerts -storepass changeit"; keytool $ST -list |grep edir |cut -d\, -f1 |while read EC; do echo $EC; keytool $ST -delete -alias $EC; done
- ST="-keystore /var/opt/novell/tomcat6/conf/cacerts -storepass changeit"; keytool $ST -list |grep edir |cut -d\, -f1 |while read EC; do echo $EC; keytool $ST -delete -alias $EC; done
Create edir_root_ca
Run this command to add the edir_root_ca cert to the stores:
- /opt/novell/eDirectory/sbin/keystore_setup.sh
Restart Tomcat
OES2015: rcnovell-tomcat6 restart
OES2018: rcnovell-tomcat restart
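Verify the result (added example, not part of the original document or of the OES tooling): the script below confirms that the CA in SSCert.der is still valid and that the edir_root_ca entry in each store is that same certificate, by comparing SHA-256 fingerprints. The function names, the --run switch and the 30-day threshold are assumptions made for this example; the paths, alias and store password are the ones used in the commands above.

```shell
#!/bin/sh
# Added verification sketch; paths, alias and password come from the steps above.
CA_DER=/etc/opt/novell/certs/SSCert.der
ALIAS=edir_root_ca
STOREPASS=changeit

# Aliases containing "edir" from `keytool -list` output on stdin
# (the same filter the removal commands use).
edir_aliases() { grep edir | cut -d, -f1; }

# Exit 0 if the DER certificate $1 is still valid $2 days from now.
ca_valid_for_days() {
    openssl x509 -in "$1" -inform der -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# SHA-256 fingerprint of a certificate on stdin; $1 is der or pem.
cert_fp() {
    openssl x509 -inform "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Compare the CA fingerprint $1 with the keystore entry's fingerprint $2.
fp_status() {
    if [ -z "$2" ]; then echo missing
    elif [ "$1" = "$2" ]; then echo ok
    else echo mismatch
    fi
}

# Report on one keystore; $1 is its path.
check_store() {
    echo "$1: edir aliases present:"
    keytool -list -keystore "$1" -storepass "$STOREPASS" 2>/dev/null | edir_aliases
    ca_fp=$(cert_fp der < "$CA_DER")
    # Export the stored entry as PEM and fingerprint it with openssl, so the
    # result does not depend on which hash this JRE's keytool prints by default.
    ks_fp=$(keytool -exportcert -rfc -alias "$ALIAS" -keystore "$1" \
            -storepass "$STOREPASS" 2>/dev/null | cert_fp pem)
    echo "$1: $ALIAS $(fp_status "$ca_fp" "$ks_fp")"
}

# Run the checks only when asked: sh <script> --run
if [ "${1:-}" = "--run" ]; then
    ca_valid_for_days "$CA_DER" 30 ||
        echo "CA is expired, expires within 30 days, or is unreadable"
    check_store /etc/alternatives/jre/lib/security/cacerts
    check_store /var/opt/novell/tomcat/conf/cacerts   # tomcat6 path on OES2015
fi
```

A "mismatch" result means the store still holds an older CA certificate under that alias; "missing" means keystore_setup.sh did not add the entry to that store.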