Messenger 3 Install LDAP SSL Certificate Location Error

I'm installing a new Messenger 3.0 system. During the install I choose LDAP to access eDirectory. I then choose Yes to use SSL for LDAP connections.

When I am prompted to enter the path to the LDAP server's root certificate I receive the following message:

Error: regular file /etc/ssl/servercerts does not exist.
Check to make sure the certificate has been exported and the path is correct.

The path contains the certificate and key pem files. I've tried exporting the certificate to that path in der format.

What exactly is the Messenger 3.0 install looking for regarding the LDAP server's root certificate?

  • Hi,

    What are you using to export the eDirectory root certificate? iManager or ConsoleOne?

    Let us know.

    Cheers,
  • Hi,

    If memory serves me correctly when the install of Messenger asks for the path to the certificate you need to give the full path (case sensitive) and include the name of the certificate file. Does that shed any light on this for you?

    Cheers,
  • Hi,

    Further to what I've said above, just to double-check your process, I've found the following steps in some documentation:

    From the Linux server, run ConsoleOne and connect to the eDirectory replica server.

    Browse to the LDAP Server object in the tree, right-click the LDAP Server object, then select Properties.

    Click the SSL/TLS Configuration tab. The certificate name is displayed in the Server Certificate field.

    In the ConsoleOne tree, browse to the certificate that was displayed in the Server Certificate field.

    Right-click the certificate, then select Properties.

    Click the Certificate tab, then select Trusted Root Certificate.

    Click Export.

    Select No to not export the private key, then click Next.

    Select File in binary DER format.

    Specify the location and file name to save the certificate as, then click Next.

    Click Finish to export the trusted root certificate.

    During the Messenger installation, you need to specify the path to the trusted root certificate to use LDAP SSL.


    I suggest that you do not overwrite the .pem files in your /etc/ssl directory, but rather store this certificate in a sub-directory of your actual Messenger install.

    This little gem of information can be found in a rather obscure place in the documentation: https://www.novell.com/documentation/novell_messenger30/messenger30_install/data/b3n6bpd.html#b47oeoq

    Let us know how it goes.

    Cheers,
  • Is the Messenger install looking specifically for the .der file or .pem file?

    I will attempt to include the certificate name when prompted for the path.

    I thought that I read in the install documentation that the install will actually copy the certificate information from the exported SSL certificate location specified to /opt/novell/messenger install directory but I do need to verify that.

    Thanks for your help. I will post my findings.
  • Laura, you are correct, the install is looking for the specific certificate file to be included in the path.

    ex: /etc/ssl/servercerts/TrustedRootCert.der

    Same requirement if selecting yes to SSL Messenger Agents, but in that case it is looking for the .pem files.

    ex: /etc/ssl/servercerts/servercert.pem and /etc/ssl/servercerts/serverkey.pem

    Also, once the install is complete, it will copy those certificates to /opt/novell/messenger/certs which is the reflected certificate location when looking at the messenger security properties in eDirectory.

    Thanks again for your help.
  • Hi,

    Messenger will specifically look for your .der file.

    Please let us know how it goes.

    Cheers,
  • Hi,

    Sorry, I missed this post before posting above.

    Many thanks for reporting back your findings - that way we all learn.

    So glad that you got it working :)

    Cheers,
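The thread's outcome can be checked before running the installer. The following is an added example, not part of the original posts and not Novell code: a pre-flight check that tells apart a directory (the case behind the "regular file ... does not exist" error), a PEM certificate, a private key file, and a binary DER export. The function names are hypothetical, and the DER test is only structural (one ASN.1 SEQUENCE spanning the whole file), not a full X.509 parse.

```python
import os
import tempfile

def der_sequence_spans(data):
    """True if data is one ASN.1 SEQUENCE whose encoded length covers the whole file."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:
        n = first & 0x7F                  # long form: n length bytes follow
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def classify_cert_path(path):
    """Verdict on a path typed at the installer's root-certificate prompt."""
    if os.path.isdir(path):
        return "directory"                # path stops at the folder, file name missing
    if not os.path.isfile(path):
        return "missing"
    with open(path, "rb") as fh:
        data = fh.read()
    if b"PRIVATE KEY-----" in data:
        return "private-key"              # a key file must never be given as a trusted root
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return "pem-certificate"          # text encoding, not the binary DER export
    return "der" if der_sequence_spans(data) else "unknown"

def demo():
    """Constructed sample files; the DER blob is a bare SEQUENCE, not a real certificate."""
    samples = {
        "TrustedRootCert.der": b"\x30\x82\x01\x00" + bytes(256),
        "servercert.pem": b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n",
        "serverkey.pem": b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n",
    }
    with tempfile.TemporaryDirectory() as d:
        out = {"<dir>": classify_cert_path(d)}
        for name, blob in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(blob)
            out[name] = classify_cert_path(p)
        out["<missing>"] = classify_cert_path(os.path.join(d, "nope.der"))
    return out
```

Only a "der" verdict matches what the LDAP SSL prompt expects according to the thread; "private-key" on the root-certificate path means the wrong file was selected or the key was exported along with the certificate.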