Environment
GroupWise Mobility Service 18
Situation
GMS won't start. The following error is seen in the /var/log/datasync/syncengine/engine.log file:
rtype: <urlopen error [SSL: SSLV3_ALERT_CERTIFICATE_EXPIRED] sslv3 alert certificate expired (_ssl.c:661)>
The /var/log/datasync/install.log indicates that the GMS system was originally installed 10 years ago.
Resolution
The internal pem files used for all internal GMS components are based on the selfsigned CA created during the initial installation and is valid for 10 years.
This CA is in /var/lib/datasync/common/CA/trustedroot.pem
All other parts of GMS using pem files are based on this CA and are stored in
/var/lib/datasync/webadmin/server.pem
/var/lib/datasync/configengine/soapserver.pem
/var/lib/datasync/syncengine/remoteManagement.pem
/var/lib/datasync/syncengine/connectors.pem
When after 10 years these certificates expire this means GMS will not start anymore and the self signed CA needs to be recreated, after this the certificates based on this also need to be recreated.
Scripts are provided for this in /opt/novell/datasync/common/bin/ssl/
The order you run this in is
deleteCA.sh
createCA.sh
rebuildCerts.sh
When done GMS starts again, the self signed CA and all certificates are renewed for another 10 years.
Cause
The internal CA and associated certificates have expired