ifolder configuration error - please help

I am trying to configure ifolder, and got the following error

Self-signed  X.509 Certificate v3
Issued from: OU=Organizational CA, O=MYTEST_TREE
Issued to:   OU=Organizational CA, O=MYTEST_TREE
Valid from:  01/31/2010 01:22:59
Valid until: 01/31/2020 01:22:59


----- ACCEPT LDAP CERTIFICATE -----


Accept LDAP Certificate? [Y]:
Done
Connecting to ldaps://192.168.0.7/...Detected errors in the Server
Certificate:
-2146762481
-2146762495
Done
Querying for directory type...get directory type

Here I never got the prompt back; I have to press CTRL+C to quit.

Here are the details:
OS: SLES 10 SP3 i586

# cat /etc/hosts

127.0.0.2       gateway.mytest.com gateway mytest MYTEST_TREE

192.168.0.7    gateway.mytest.com gateway mytest MYTEST_TREE

# cat /etc/hosts.nds
MYTEST_TREE.    192.168.0.7

# rcndsd status
Tree Name: MYTEST_TREE
Server Name: .CN=gateway.O=mytest.T=MYTEST_TREE.
Binary Version: 20219.15
Root Most Entry Depth: 0
Product Version: eDirectory for Linux v8.8 SP5 [DS]

Regards
needee


-- 
needee
------------------------------------------------------------------------



0
needee
2/1/2010 4:46:02 PM

needee;1926093 Wrote: 
> I am trying to configure ifolder, and got the following error
> 
> Self-signed  X.509 Certificate v3
> Issued from: OU=Organizational CA, O=MYTEST_TREE
> Issued to:   OU=Organizational CA, O=MYTEST_TREE
> Valid from:  01/31/2010 01:22:59
> Valid until: 01/31/2020 01:22:59
> 
> 
> ----- ACCEPT LDAP CERTIFICATE -----
> 
> 
> Accept LDAP Certificate? [Y]:
> Done
> Connecting to ldaps://192.168.0.7/...Detected errors in the Server
> Certificate:
> -2146762481
> -2146762495
> Done
> Querying for directory type...get directory type
> 

Hmmm... Does 'this message'
(http://forums.novell.com/novell-product-support-forums/ifolder/355874-detected-errors-server-certificate.html#post1718474)
help at all?

While your cert surely hasn't expired, perhaps there's an old one
cached somewhere or something isn't quite right with your new one.

HTH


-- 
Lewis G Rosenthal, CNA, CLP, CLE
Rosenthal & Rosenthal, LLC
www.2rosenthals.com
------------------------------------------------------------------------
Rachelsdad's Profile: http://forums.novell.com/member.php?userid=5435
View this thread: http://forums.novell.com/showthread.php?t=400152

0
Rachelsdad
2/1/2010 7:36:01 PM
Hi, thanks for the help, dear.

> While your cert surely hasn't expired, perhaps there's an old one
> cached somewhere
This is a fresh install, so the chance of an "old one cached somewhere"
is very rare/hard.

> or something isn't quite right with your new one.
So how can I check it? No eDirectory expertise here ;(

I installed the OS from scratch and installed eDirectory with a new/diff
tree and organization name.

edif:~ # rcndsd status
Tree Name: PKNDS_TREE
Server Name: .CN=edif.O=pknds.T=PKNDS_TREE.
Binary Version: 20219.15
Root Most Entry Depth: 0
Product Version: eDirectory for Linux v8.8 SP5 [DS]

edif:~ # cat /etc/hosts
127.0.0.1       localhost
192.168.0.254   edif.pknds edif

edif:~ # cat /etc/hosts.nds
pknds_tree.           192.168.0.254


edif:~ # certmgr -ssl ldaps://edif.pknds:636
Mono Certificate Manager - version 1.2.6.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2007 Novell.
BSD licensed.


Self-signed  X.509 Certificate v3
Issued from: OU=Organizational CA, O=PKNDS_TREE
Issued to:   OU=Organizational CA, O=PKNDS_TREE
Valid from:  02/01/2010 23:13:30
Valid until: 02/01/2020 23:13:30
Import this certificate into the Trust store ?y

X.509 Certificate v3
Issued from: OU=Organizational CA, O=PKNDS_TREE
Issued to:   O=PKNDS_TREE, CN=edif.pknds
Valid from:  02/03/2010 21:13:32
Valid until: 02/03/2012 21:13:32
*** WARNING: Certificate isn't current ***
Import this certificate into the AddressBook store ?y

2 certificates added to the stores.


And the following is the output of /usr/bin/simias-server-setup:


Configuring /var/simias/data/simias/Simias.config...SetupSimias - Done
Configuring /etc/apache2/conf.d/simias.conf...Done
Installing certificate from ldaps://edif.pknds/...
Ldap certificate :

Mono Certificate Manager - version 1.2.6.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2007 Novell.
BSD licensed.


Self-signed  X.509 Certificate v3
Issued from: OU=Organizational CA, O=PKNDS_TREE
Issued to:   OU=Organizational CA, O=PKNDS_TREE
Valid from:  02/01/2010 23:13:30
Valid until: 02/01/2020 23:13:30


----- ACCEPT LDAP CERTIFICATE -----


Accept LDAP Certificate? [Y]: Y
Done
Connecting to ldaps://edif.pknds/...Detected errors in the Server
Certificate:
-2146762495
Failed

LdapException: (91) Connect Error
System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server.
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x00000]
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00000]
  at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000]
  at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
  at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000]
  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000]
  --- End of inner exception stack trace ---

  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000]
  at Novell.Directory.Ldap.LdapResponse.chkResultCode () [0x00000]
  at Novell.Directory.Ldap.LdapConnection.chkResultCode (Novell.Directory.Ldap.LdapMessageQueue queue, Novell.Directory.Ldap.LdapConstraints cons, Novell.Directory.Ldap.LdapResponse response) [0x00000]
  at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version, System.String dn, System.SByte[] passwd, Novell.Directory.Ldap.LdapConstraints cons) [0x00000]
  at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version, System.String dn, System.String passwd, Novell.Directory.Ldap.LdapConstraints cons) [0x00000]
  at Novell.Directory.Ldap.LdapConnection.Bind (System.String dn, System.String passwd, AuthenticationTypes authenticationTypes) [0x00000]
  at Novell.Directory.Ldap.LdapConnection.Bind (System.String dn, System.String passwd) [0x00000]
  at Novell.iFolder.Utility.LdapUtility.Connect () [0x00000]
  at Novell.iFolder.SimiasServerSetup.SetupLdap () [0x00000]
  at Novell.iFolder.SimiasServerSetup.Configure () [0x00000]
  at Novell.iFolder.SimiasServerSetup.Main (System.String[] args) [0x00000]

FAILED

please help


-- 
needee
------------------------------------------------------------------------
needee's Profile: http://forums.novell.com/member.php?userid=16133
View this thread: http://forums.novell.com/showthread.php?t=400152

0
needee
2/3/2010 6:56:02 PM
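
Added example, not part of the original thread and not Novell's code: a short Python sketch that decodes the signed decimal codes printed under "Detected errors in the Server Certificate" into their standard HRESULT names, and checks a certmgr "Valid from/until" block against a clock value. The clock values are constructed, and certmgr's timestamps are assumed to be in the same timezone as that clock.

```python
import re
from datetime import datetime

# Standard Windows certificate-trust HRESULTs; the setup tool prints them
# as signed 32-bit decimals.
CERT_HRESULTS = {
    0x800B0101: "CERT_E_EXPIRED",       # outside the validity period
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B010A: "CERT_E_CHAINING",
    0x800B010F: "CERT_E_CN_NO_MATCH",   # certificate name != host name used
}
CERTMGR_TIME = "%m/%d/%Y %H:%M:%S"      # format seen in the certmgr output

def decode(code):
    """Turn a signed decimal such as -2146762495 into hex plus HRESULT name."""
    hresult = code & 0xFFFFFFFF          # reinterpret as unsigned 32-bit
    return "0x%08X %s" % (hresult, CERT_HRESULTS.get(hresult, "UNKNOWN"))

def parse_validity(block):
    """Extract (not_before, not_after) from a certmgr certificate block."""
    start = re.search(r"Valid from:\s*(.+)", block)
    end = re.search(r"Valid until:\s*(.+)", block)
    if not (start and end):
        raise ValueError("no validity lines found")
    return (datetime.strptime(start.group(1).strip(), CERTMGR_TIME),
            datetime.strptime(end.group(1).strip(), CERTMGR_TIME))

def validity_state(block, now):
    """Classify the certificate against the given clock value."""
    not_before, not_after = parse_validity(block)
    if now < not_before:
        return "not yet valid"
    if now > not_after:
        return "expired"
    return "current"

# Server certificate block copied from the certmgr output in the thread.
SERVER_CERT = """X.509 Certificate v3
Issued from: OU=Organizational CA, O=PKNDS_TREE
Issued to:   O=PKNDS_TREE, CN=edif.pknds
Valid from:  02/03/2010 21:13:32
Valid until: 02/03/2012 21:13:32"""

if __name__ == "__main__":
    for code in (-2146762481, -2146762495):   # codes quoted in the thread
        print(code, "=>", decode(code))
    # Constructed clock values (assumption: same timezone as certmgr output).
    for now in (datetime(2010, 2, 3, 19, 0), datetime(2010, 2, 4, 9, 0)):
        print(now, "=>", validity_state(SERVER_CERT, now))
```

CERT_E_EXPIRED means the certificate is outside its validity period, which also covers a start time that is still in the future relative to the client's clock.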
needee;1927556 Wrote: 
> 
> > While your cert surely hasn't expired, perhaps there's an old one
> > cached somewhere
> This is a fresh install... so chance of "old one cached somewhere". is
> very rare/hard.
> 

"Fresh install" as in...fresh iFolder install or fresh eDirectory
install?

> > or something isn't quite right with your new one.
> so how can I check it ? no eDirectory expertise here ;(

Have a look 'here'
(http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=3392944&sliceId=1&docTypeID=DT_TID_1_1&dialogID=36458924&stateId=1%200%2036456798).

> I installed the OS from scratch, installed eDirectory with a new/diff
> tree and organization name
> 
> edif:~ # rcndsd status
> Tree Name: PKNDS_TREE
> Server Name: .CN=edif.O=pknds.T=PKNDS_TREE.
> Binary Version: 20219.15
> Root Most Entry Depth: 0
> Product Version: eDirectory for Linux v8.8 SP5 [DS]
> 
> edif:~ # cat /etc/hosts
> 127.0.0.1       localhost
> 192.168.0.254   edif.pknds edif
> 

This all looks fine.

> edif:~ # cat /etc/hosts.nds
> pknds_tree.           192.168.0.254
> 

Hmmm... I'm not sure, as my eDir 8.7.3.9 install on Linux looks
different, and looking at a client's 8.8 SP5 install on 64-bit OES2 only
includes the IP (no hostname). Still, I doubt this is the issue.

> edif:~ # certmgr -ssl ldaps://edif.pknds:636
> Mono Certificate Manager - version 1.2.6.0
> Manage X.509 certificates and CRL from stores.
> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2007 Novell.
> BSD licensed.
> 
> 
> Self-signed  X.509 Certificate v3
> Issued from: OU=Organizational CA, O=PKNDS_TREE
> Issued to:   OU=Organizational CA, O=PKNDS_TREE
> Valid from:  02/01/2010 23:13:30
> Valid until: 02/01/2020 23:13:30
> Import this certificate into the Trust store ?y
> 

This, too, should be fine.

>  X.509 Certificate v3
> Issued from: OU=Organizational CA, O=PKNDS_TREE
> Issued to:   O=PKNDS_TREE, CN=edif.pknds
> Valid from:  02/03/2010 21:13:32
> Valid until: 02/03/2012 21:13:32
> *** WARNING: Certificate isn't current ***
> Import this certificate into the AddressBook store ?y
> 

I guess this is where we're getting tripped up. There's something about
the server cert which isn't quite right.

Try going into iManager and reissuing the server cert. Use the option
to repair default certificates under Novell certificate services.


> and following is the output of /usr/bin/simias-server-setup
> 
> 
> Configuring /var/simias/data/simias/Simias.config...SetupSimias - Done
> Configuring /etc/apache2/conf.d/simias.conf...Done
> Installing certificate from ldaps://edif.pknds/...
> Ldap certificate :
> 
> Mono Certificate Manager - version 1.2.6.0
> Manage X.509 certificates and CRL from stores.
> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2007 Novell.
> BSD licensed.
> 
> 
> Self-signed  X.509 Certificate v3
> Issued from: OU=Organizational CA, O=PKNDS_TREE
> Issued to:   OU=Organizational CA, O=PKNDS_TREE
> Valid from:  02/01/2010 23:13:30
> Valid until: 02/01/2020 23:13:30
> 
> 
> ----- ACCEPT LDAP CERTIFICATE -----
> 
> 
> Accept LDAP Certificate? [Y]: Y
> Done
> Connecting to ldaps://edif.pknds/...Detected errors in the Server
> Certificate:
> -2146762495
> Failed
> 
> 

We're surely not going to get very far after this. It looks like
something didn't go right with the original generation of the cert. Try
the repair and see if that helps.

For me, this is actually easier on NetWare.


-- 
Lewis G Rosenthal, CNA, CLP, CLE
Rosenthal & Rosenthal, LLC
www.2rosenthals.com
------------------------------------------------------------------------
Rachelsdad's Profile: http://forums.novell.com/member.php?userid=5435
View this thread: http://forums.novell.com/showthread.php?t=400152

0
Rachelsdad
2/3/2010 10:06:02 PM
> I guess this is where we're getting tripped up. There's something
> about the server cert which isn't quite right.

> Try going into iManager and reissuing the server cert. Use the option
> to repair default certificates under Novell certificate services.

> We're surely not going to get very far after this. It looks like
> something didn't go right with the original generation of the cert.
> Try the repair and see if that helps.


Thanks dear, I appreciate your efforts; issue resolved by repairing
the certificate ;)

> For me, this is actually easier on NetWare
This is also very simple on Linux via iManager: simply click on Novell
Certificate Server > Repair Default Certificate > select the Server

Do you think it's a bug in 8.8SP5? Or do you think there is something wrong
with the configuration (my mistake)?

Regards
needee


-- 
needee
------------------------------------------------------------------------
needee's Profile: http://forums.novell.com/member.php?userid=16133
View this thread: http://forums.novell.com/showthread.php?t=400152

0
needee
2/3/2010 10:56:01 PM
needee;1927757 Wrote: 
> > I guess this is where we're getting tripped up. There's something
> > about the server cert which isn't quite right.
> 
> > Try going into iManager and reissuing the server cert. Use the option
> > to repair default certificates under Novell certificate services.
> 
> > We're surely not going to get very far after this. It looks like
> > something didn't go right with the original generation of the cert.
> > Try the repair and see if that helps.
> 
> 
> Thanks dear, I appreciate your efforts; issue resolved by repairing
> the certificate ;)
> 

Excellent! You're welcome, and I'm glad I could help.

> > For me, this is actually easier on NetWare
> This is also very simple on Linux via iManager: simply click on Novell
> Certificate Server > Repair Default Certificate > select the Server

Indeed, yes. My thought was that on NetWare, we have pkidiag, which
checks and corrects many issues right at the server console. On Linux,
there's npki, which does *some* of the same things (or perhaps all of them; I
just don't know my way around it very well - yet). Also, I'm more
familiar with using ConsoleOne for Certificate Server and not the newer
iManager functionality.

> 
> Do you think it's a bug in 8.8SP5? Or do you think there is something wrong
> with the configuration (my mistake)?

I'm not aware of any issues with 8.8 SP5. My guess would be that
*something* happened during the creation of the original cert, but
whether that was truly your fault or just an anomaly, who's to say?
Hopefully, you won't see the issue again with any of the certs you might
generate.

Cheers.


-- 
Lewis G Rosenthal, CNA, CLP, CLE
Rosenthal & Rosenthal, LLC
www.2rosenthals.com
------------------------------------------------------------------------
Rachelsdad's Profile: http://forums.novell.com/member.php?userid=5435
View this thread: http://forums.novell.com/showthread.php?t=400152

0
Rachelsdad
2/4/2010 12:26:02 AM