Using Wildcart cert in Apache - managing Iprint now broken

Hey all

Using OES2015. I was forced to change our self-signed certificates in Apache since the release of IOS 11 now will not allow our users ipads to use web services on the OES servers with untrusted certificates. I followed the directions in TID 7009962 (How to configure Apache on OES or SLES to use a 3rd party certificate) And successfully got Apache to switch to our wildcard certificate from Commodo (great!). However, later I went to check a printer using the Manage Printer function under the Iprint section in Imanager and was greeted with the following error:

Error reading driver store information
java.lang.NullPointerException

Searching on that I found TID 7019004 (iPrint Manager: Error Reading Driver Store Information) Which tells me I am using the wrong certificate and key files (basically telling me to UNDO everything TID 7009962 told me to do!) Thinking it may just be the names and paths, I actually (after backing up the originals) renamed my new wildcard.crt and wildcard.key files in /etc/ssl/servercerts to servercert.pem and serverkey.pem and made the appropriate changes back in the vhost-ssl.conf file. I restarted apache2 and it was still using the wildcard cert, but Imanager still is giving the java error. Is there somewhere I need to get java to accept/use the 3rd party wildcard certificate?
  • On 09/26/2017 07:56 PM, ewaibel wrote:
    >
    > Hey all
    >
    > Using OES2015. I was forced to change our self-signed certificates in
    > Apache since the release of IOS 11 now will not allow our users ipads to
    > use web services on the OES servers with untrusted certificates. I
    > followed the directions in TID 7009962 (How to configure Apache on OES
    > or SLES to use a 3rd party certificate) And successfully got Apache to
    > switch to our wildcard certificate from Commodo (great!). However,
    > later I went to check a printer using the Manage Printer function under
    > the Iprint section in Imanager and was greeted with the following
    > error:
    >
    > Error reading driver store information
    > java.lang.NullPointerException
    >
    > Searching on that I found TID 7019004 (iPrint Manager: Error Reading
    > Driver Store Information) Which tells me I am using the wrong
    > certificate and key files (basically telling me to UNDO everything TID
    > 7009962 told me to do!) Thinking it may just be the names and paths, I
    > actually (after backing up the originals) renamed my new wildcard.crt
    > and wildcard.key files in /etc/ssl/servercerts to servercert.pem and
    > serverkey.pem and made the appropriate changes back in the
    > vhost-ssl.conf file. I restarted apache2 and it was still using the
    > wildcard cert, but Imanager still is giving the java error. Is there
    > somewhere I need to get java to accept/use the 3rd party wildcard
    > certificate?
    >
    >


    issue fixed with the latest maintenance patch, just released yesterday
  • Thanks - I applied the latest patches to a test server in our tree. After a reboot and installation of the latest iManager iPrint plugins, I was able to use it to manage iprint objects (after it pulled up the certificate trust page so I could bless the new wildcard certificate and the chain certificates).

    One thing that struck me as odd - after applying the patches, the graphic icons in iManager reverted back to the Novell branded ones (including the big red "N") even though it still reads "Micro Focus iManager"
  • On 09/27/2017 03:54 PM, ewaibel wrote:
    >
    > Thanks - I applied the latest patches to a test server in our tree.
    > After a reboot and installation of the latest iManager iPrint plugins, I
    > was able to use it to manage iprint objects (after it pulled up the
    > certificate trust page so I could bless the new wildcard certificate and
    > the chain certificates).
    >
    > One thing that struck me as odd - after applying the patches, the
    > graphic icons in iManager reverted back to the Novell branded ones
    > (including the big red "N") even though it still reads "Micro Focus
    > iManager"
    >
    >


    the issue was the certs using a long key that imanager plugin in could
    not handle and this is fixed on latest imanager plug in

    I do not see the icon as the big red N, still shows a big blue N on my
    server atfer all patches (they're some patches for imanager as well on
    the September maintenace patch)
  • Weird - my other (production) servers all show the big blue Micro Focus "square missing corners" icon in the left hand pane of the iManager login page (with a white Micro Focus square in the top left of the blue title bar). The one I just patched shows a red N and a blue N in a blue "marble" icon. Appears to be just cosmetic, but struck me as odd.

    I applied the new iManager plugins for iPrint and iManger base and framework on the patched server - there are a few I have not applied yet (edirectory 8.8 plugins and NetIQ Identity and Password manager) - I'll get to those shortly.