Access Manager Console error "Exception occurred processing MetadataRepositories_TableView.jsp" when trying to configure Metadata Repositories

  • 7024491
  • 20-Mar-2020
  • 20-Mar-2020

Environment

  • Access Manager 4.5
  • Access Manager 4.5.1

Situation

  • Access Manager Appliance 4.5.1

  • iManager reports the error "Exception occurred processing MetadataRepositories_TableView.jsp" when trying to configure Metadata Repositories




  • The "/var/opt/novell/nam/logs/adminconsole/tomcat/catalina.out" lists the following error:
    com.novell.nidp.admin.model.NidsAdminException: com.novell.emframe.dev.AuthBrokerException:
    Creating secure SSL LDAP context failed:  simple bind failed: 0.0.0.0:636

  • After enabling SSL debug logging:
    %% Invalidated:  [Session-90, TLS_RSA_WITH_AES_256_CBC_SHA256]
    https-jsse-nio-8443-exec-4, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown
    https-jsse-nio-8443-exec-4, WRITE: TLSv1.2 Alert, length = 2
    https-jsse-nio-8443-exec-4, called closeSocket()
    https-jsse-nio-8443-exec-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    com.novell.nidp.admin.model.NidsAdminException: com.novell.emframe.dev.AuthBrokerException: Creating secure SSL LDAP context failed:
    simple bind failed: 0.0.0.0:636

Resolution

  • Use iManager to export the ConfigCA Root Certificate:
    Dashboard => Certificates => Trusted Roots => configCA => Export Public Certificate => DER File => Save File

  • Copy the exported "configCA_exportedCert.der" file over to your Admin Console server.

  • Import the exported Trusted Root Certificate: "/opt/netiq/common/jre/bin/keytool -import -alias ConfigCA -file configCA_exportedCert.der -keystore /opt/netiq/common/jre/lib/security/cacerts". The password for the keystore is "changeit".

  • Restart the Admin Console: "/etc/init.d/novell-ac restart"

Cause

  • Validation of the LDAP server certificate failed because its trust chain / Root Certificate is missing from the Trusted Root Certificate store.

Additional Information

List of files used by the Admin Console server:
  • Trusted Root Certificate Store: "/opt/netiq/common/jre/lib/security/cacerts"
  • Tomcat Configuration: "/opt/novell/nam/adminconsole/conf/tomcat8.conf"
  • Tomcat Log File: "/var/opt/novell/nam/logs/adminconsole/tomcat/catalina.out"

Troubleshooting:
  • Enable SSL debug logging for Tomcat

    • add the line JAVA_OPTS="${JAVA_OPTS} -Djavax.net.debug=ssl" to "/opt/novell/nam/adminconsole/conf/tomcat8.conf"
    • stop the Admin Console service: "/etc/init.d/novell-ac stop"
    • reset the catalina.out logfile: "> /var/opt/novell/nam/logs/adminconsole/tomcat/catalina.out"
    • start the Admin Console service: "/etc/init.d/novell-ac start"
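
With debug logging enabled, the new catalina.out can be triaged by correlating, per Tomcat thread, a sent certificate_unknown alert with the PKIX path building failure that follows it. This is an added example, not part of the original article: the function names are hypothetical, the sample lines are constructed from the excerpt in the Situation section, and it assumes the log lines are not wrapped in the real file.

```shell
#!/bin/sh
# Added example (not from the article). Reads catalina.out text captured with
# -Djavax.net.debug=ssl from the files given as arguments, or from stdin.
triage_trust_failures() {
    awk '
    # JSSE debug lines start with "<thread>, "; remember which threads sent
    # a fatal certificate_unknown alert (this JVM rejected the peer chain).
    /, SEND TLSv1(\.[0-9])? ALERT: +fatal, description = certificate_unknown/ {
        split($0, p, ", "); sent[p[1]] = 1; alerts++
    }
    # The same thread then logs why: no path to an anchor in its trust store.
    /, handling exception: .*PKIX path building failed/ {
        split($0, p, ", "); pkix[p[1]] = 1; failures++
    }
    # Application-level symptom: the LDAPS bind that needed that handshake.
    /simple bind failed: / {
        t = $0; sub(/^.*simple bind failed: */, "", t); sub(/[ \t\r]+$/, "", t)
        target[t]++
    }
    END {
        for (th in sent) if (th in pkix) both++
        printf "sent_certificate_unknown=%d\n", alerts
        printf "pkix_path_failures=%d\n", failures
        printf "threads_with_both=%d\n", both
        for (t in target) printf "ldap_bind_failed=%s count=%d\n", t, target[t]
        print (both > 0 ? "verdict=local_truststore_lacks_issuer" : "verdict=no_trust_failure_seen")
    }' "$@"
}

# Constructed sample, modelled on the log excerpt in this article.
sample_catalina_out() {
    cat <<'EOF'
https-jsse-nio-8443-exec-4, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown
https-jsse-nio-8443-exec-4, WRITE: TLSv1.2 Alert, length = 2
https-jsse-nio-8443-exec-4, called closeSocket()
https-jsse-nio-8443-exec-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.novell.nidp.admin.model.NidsAdminException: com.novell.emframe.dev.AuthBrokerException: Creating secure SSL LDAP context failed:
simple bind failed: 0.0.0.0:636
EOF
}

# Usage: triage_trust_failures /var/opt/novell/nam/logs/adminconsole/tomcat/catalina.out
```

A verdict of local_truststore_lacks_issuer means the Admin Console JVM itself refused the LDAP server's chain, which is the case the Resolution section fixes by importing the ConfigCA root into cacerts.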