SSPR Users locked out after LDAP certificates are updated

  • 7023291
  • 21-Aug-2018
  • 20-Sep-2018

Environment

Self Service Password Reset
SSPR 4.x

Situation

Error 5017 authenticating to SSPR 
Error 5059 - A certificate error has been encountered
Directory unavailable after certificates on the LDAP server were updated
Users unable to log in after updating certs on LDAP server


Resolution

Reset the LDAP certificates by deleting and re-importing them through the SSPR Config Editor.

Steps if using SSPR Appliance:
  1. Open the SSPR Appliance (port 9443): https://server.whatever.com:9443
  2. Open Administrative Commands 
  3. Select Unlock configuration
  4. Open SSPR Configuration Editor by going directly to https://server.whatever.com/sspr/private/config/editor (you might need to use a browser other than IE)
  5. In Config Editor, select LDAP ⇨ LDAP Directories ⇨ default ⇨ Connection, LDAP Certificates
  6. Select Clear 
  7. Select Import from server
  8. Save Changes
  9. Go back to the appliance (port 9443): https://server.whatever.com:9443
  10. Open Administrative Commands 
  11. Select Lock configuration

Steps if using Linux (.war) or Windows (.msi) implementations of SSPR:
  1. Edit SSPRConfiguration.xml and set "configIsEditable" to true. It should look like this: <property key="configIsEditable">true</property> (for more detail see KB 7014954, "SSPR config manager not available", at https://support.microfocus.com/kb/doc.php?id=7014954)
  2. Open SSPR Configuration Editor by going directly to https://server.whatever.com/sspr/private/config/editor (you might need to use a browser other than IE)
  3. In Config Editor, select LDAP ⇨ LDAP Directories ⇨ default ⇨ Connection, LDAP Certificates
  4. Select Clear 
  5. Select Import from server
  6. Save Changes
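
Import from server stores the certificate the LDAP server presents at that moment, so it is worth confirming before that step that the presented certificate is the one that was actually installed. The Python check below is an added example, not part of the original article or of SSPR; the LDAPS port 636, the host name passed on the command line and the expected SHA-256 fingerprint (obtained from the directory administrator) are assumptions.

```python
import hashlib
import hmac
import socket
import ssl
import sys


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' or spaced hex as printed by common certificate tools."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def matches(der: bytes, expected_fp: str) -> bool:
    """True only if the presented certificate has the expected fingerprint."""
    return hmac.compare_digest(fingerprint(der), normalize(expected_fp))


def fetch_leaf_der(host: str, port: int = 636, timeout: float = 10.0) -> bytes:
    """Return the leaf certificate the server presents (port 636 is an assumption)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain validation is off on purpose: the certificate is new and not yet
    # trusted locally, so trust is decided by the fingerprint comparison instead.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage: python check_ldap_cert.py <ldap-host> <expected-sha256-fingerprint>
    host, expected = sys.argv[1], sys.argv[2]
    der = fetch_leaf_der(host)
    print("presented:", fingerprint(der))
    sys.exit(0 if matches(der, expected) else 1)
```

A non-zero exit status means the server is presenting a different certificate than expected, and the import should wait until that is explained.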