
remote loader and ssl


Jude McCormick

Jan 26, 2004, 2:22:59 PM
I'm having a new difficulty with SSL I can't find in the knowledgebase. I
have loaded IDM2 on a NW6.5 server and the remote loader service on a win3k
box. All was loading OK except password sync, so I went through the IM
admin guide and made sure I had everything set up okay. It told me to enable
SSL communication on the remote loader in order to have password sync 2 work
correctly. After I added the kmo=certificate line to the driver properties
the remote loader would not connect anymore giving the following text in the
debug:

Loader: Waiting for DirXML to connect on 'TCP server socket, port 8090,
address xxx.xxx.xxx.xxx, using SSL'...

SSL protocol failure: error 14090086: SSL routine:
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed.

I know I've validated the certificates and exported them correctly.

Thanks, Jude


Skipper

Jan 26, 2004, 2:50:05 PM
Jude,

Have had the same thing.

Make sure that you export the right certificate.

Make sure that the kmo line reads kmo="yourcert - Servername"

In my case the cert was named Dirxml - FS1; I forgot the - FS1

Skipper
Support Engineer

CNE / CCNA

Jude McCormick

Jan 28, 2004, 9:13:57 AM
That worked somewhat. The error went away, but now when the remote loader
starts it just sits at:

Loader: Waiting for DirXML to connect on 'TCP server socket, port 8090,
address xxx.xxx.xxx.xxx, using SSL'...

No error messages, nothing. I let it sit for 24 hours and it did nothing.
I'm going to play with it some more today, but I'd love some suggestions.
Thanks, Jude


Skipper

Jan 29, 2004, 4:41:32 AM
Jude,

It took the server about a minute to make the connection.

Have you restarted the dirxml driver on the NW server to activate the change?

Gary Clarkson

Jan 29, 2004, 8:34:09 PM
I had the same error today. I didn't have 'cert - servername'; I just had
cert - servername. They should put a browse button there for us
typing/syntax impaired people ;).


Jude McCormick

Jan 30, 2004, 10:59:40 AM
I had the quotes and I had restarted all my servers just to make sure. It
still never connected. I'm currently rebuilding it.


Perin Blanchard, DevNet SysOp 43

Jan 30, 2004, 11:29:55 AM
You should not have the "- servername" in the KMO specification. The value
that names the KMO is called the "key pair name" and it is the portion of
the KMO object name that is before the "-" character.
--
Perin Blanchard, DevNet SysOp 43


Jude McCormick

Jan 30, 2004, 4:12:08 PM
I reloaded it from scratch and I'm still having the same problem. This is
the error message I'm getting in the publisher status log:

java.io.ioexception: unable to read certificate, error 2612d194:kmo support
routines:ssl_ctx_use_kmo:reason (404), error 2612d198: kmo support routines:
ssl_ctx_use_kmo: reason (408)
no object name provided.

I can't find any information on this anywhere.


Matthias Lindner

Jan 31, 2004, 4:53:29 AM

Looks a bit like something has no rights to read the certificate,
or it doesn't exist.

Are you sure you did NOT export the 'public key certificate'
but the 'self signed certificate' instead?
/* that's my personal opinion 'bout the first post in this thread,
because this results if you follow the documentation of IDM2
word by word
*/

In 'Novell's Guide to DirXML' they say that the certificate should
be "in the same container as the ncp-server object running/hosting
the driver set". Maybe it's just at the wrong place.

In the next version of IDM they'll hopefully create a wizard for
the AD certificate too.


Jude McCormick

Feb 2, 2004, 10:20:07 AM
I went back through and I had exported the wrong certificate so I
reconfigured all the connections with the correct certificate but I'm still
getting the exact same error message.

