Transport error - Keystore type is not PKCS12 when setting password in iManager 3

  • 7023894
  • 22-May-2019
  • 12-Feb-2020

Environment

iManager 3.1.3
eDirectory 9.1.3
Open Enterprise Server 2018 SP1 (OES 2018 SP1) Linux

Situation

During the iManager upgrade, while waiting for the password prompt, the following is seen instead:
Error: Server Configuration Error
NMAS LDAP Transport Error

/var/log/messages shows the following:
2019-05-15T16:18:20.214602+02:00 dsfwsp1 novell-tomcat[1726]: KeyStore_IM.........141 Unable to create the iManager KeyStore.: Keystore type is not PKCS12
2019-05-15T16:18:20.215256+02:00 dsfwsp1 novell-tomcat[1726]: com.novell.emframe.dev.AuthBrokerException: Creating secure SSL LDAP context failed:

When creating a user object with a simple password, the user is created, but an error reports that the simple password could not be set.
Errors seen:
Unable to create a LDAP connection usng SSL to eDirectory server.
Creating secure SSL LDAP context failed.

Resolution

The workaround is to delete the iMKS file and restart Tomcat. This truststore can be found here: /var/opt/novell/iManager/nps/WEB-INF/

Once Tomcat is restarted, the file is re-created with the tree's RootCA certificate.
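
The following script is an added example, not part of the original TID or of iManager. It checks which keystore format a file is in by its leading bytes and moves a non-PKCS12 file aside (a backup instead of an outright delete) so that it is re-created on the next Tomcat restart. The function names are hypothetical, and the path in the usage comment assumes the file is named iMKS inside the directory given above.

```shell
#!/bin/bash
# Added example. Usage (path assumed from the Resolution text):
#   ./check_imks.sh /var/opt/novell/iManager/nps/WEB-INF/iMKS
# Restart Tomcat afterwards so the truststore is re-created.

# Classify a Java keystore by its first four bytes.
#   JKS    starts with the magic 0xFEEDFEED
#   JCEKS  starts with the magic 0xCECECECE
#   PKCS12 is DER encoded, so it starts with an ASN.1 SEQUENCE tag (0x30).
# The 0x30 test is a heuristic: any DER structure starts that way.
keystore_format() {
    local file="$1" magic
    [ -r "$file" ] || { echo "missing"; return 0; }
    magic=$(head -c 4 "$file" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        feedfeed) echo "JKS" ;;
        cececece) echo "JCEKS" ;;
        30*)      echo "PKCS12" ;;
        *)        echo "unknown" ;;
    esac
}

# Keep a PKCS12 (or absent) file untouched; rename anything else with a
# timestamp suffix so the original truststore can still be inspected later.
quarantine_if_not_pkcs12() {
    local file="$1" fmt
    fmt=$(keystore_format "$file")
    if [ "$fmt" = "PKCS12" ] || [ "$fmt" = "missing" ]; then
        echo "kept:$fmt"
    else
        mv -- "$file" "$file.bak.$(date +%Y%m%d%H%M%S)"
        echo "moved:$fmt"
    fi
}

# Only act when a path is given on the command line.
[ $# -eq 0 ] || quarantine_if_not_pkcs12 "$1"
```

A result of `moved:JKS` means the file was still in the old keystore format; `kept:PKCS12` means the file type is not the cause and the file was left in place.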

Cause

The keystore type changed from JKS to PKCS12. The iMKS file was being updated with eDirectory certificates during startup, but validation was not handled properly. This led to problems using the server certificate during iManager's LDAP connection, which failed with the error "Creating secure SSL LDAP context failed".

This has been resolved in iManager 3.1.4.