GMS system 10 years or older won't start

  • 7024837
  • 23-Sep-2020
  • 23-Sep-2020

Environment

GroupWise Mobility Service 18

Situation

GMS won't start.  The following error is seen in the /var/log/datasync/syncengine/engine.log file:

rtype: <urlopen error [SSL: SSLV3_ALERT_CERTIFICATE_EXPIRED] sslv3 alert certificate expired (_ssl.c:661)>

The /var/log/datasync/install.log indicates that the GMS system was originally installed 10 years ago.

Resolution

The internal PEM files used by all internal GMS components are based on the self-signed CA created during the initial installation, which is valid for 10 years.

This CA is in /var/lib/datasync/common/CA/trustedroot.pem

The PEM files used by all other parts of GMS are based on this CA and are stored in:

/var/lib/datasync/webadmin/server.pem
/var/lib/datasync/configengine/soapserver.pem
/var/lib/datasync/syncengine/remoteManagement.pem
/var/lib/datasync/syncengine/connectors.pem

When these certificates expire after 10 years, GMS will no longer start. The self-signed CA must be recreated first, and then the certificates based on it must be recreated as well.

Scripts are provided for this in /opt/novell/datasync/common/bin/ssl/

Run them in this order:

deleteCA.sh
createCA.sh
rebuildCerts.sh

When done, GMS starts again, and the self-signed CA and all certificates are renewed for another 10 years.
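To confirm that expiry is the cause before running the scripts, and to verify the renewal afterwards, the PEM files listed above can be checked with the openssl command-line tool. This is an added example, not part of the original article or the GMS tooling; the function names and the 30-day warning threshold are assumptions, and it assumes openssl is installed and that each file contains a PEM certificate block.

```shell
#!/bin/sh
# PEM files named in this article: the internal CA and the certificates based on it.
GMS_PEMS="/var/lib/datasync/common/CA/trustedroot.pem
/var/lib/datasync/webadmin/server.pem
/var/lib/datasync/configengine/soapserver.pem
/var/lib/datasync/syncengine/remoteManagement.pem
/var/lib/datasync/syncengine/connectors.pem"

# cert_status FILE [WARN_DAYS]
# Prints one of: MISSING, UNREADABLE, EXPIRED, EXPIRING, OK
cert_status() {
    file=$1
    warn_days=${2:-30}    # assumed default warning window
    [ -r "$file" ] || { echo MISSING; return 0; }
    # No parsable certificate in the file (or openssl not installed).
    openssl x509 -noout -in "$file" >/dev/null 2>&1 || { echo UNREADABLE; return 0; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$file" >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -noout -checkend $((warn_days * 86400)) -in "$file" >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# check_gms_certs [WARN_DAYS]
# Prints status, path and notAfter date per file; returns non-zero if any file is not OK.
check_gms_certs() {
    days=${1:-30}
    problems=0
    for pem in $GMS_PEMS; do
        status=$(cert_status "$pem" "$days")
        end=$(openssl x509 -noout -enddate -in "$pem" 2>/dev/null || true)
        printf '%-10s %s %s\n' "$status" "$pem" "${end#notAfter=}"
        [ "$status" = OK ] || problems=$((problems + 1))
    done
    [ "$problems" -eq 0 ]
}

check_gms_certs 30 || echo "One or more GMS certificates need attention"
```

Run it as a user that can read /var/lib/datasync. Once rebuildCerts.sh has completed, every line should report OK with a notAfter date about 10 years out.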

Cause

The internal CA and associated certificates have expired.