Super Contributor.

Messenger 3 Install Ldap SSL Certificate Location Error

I'm installing a new Messenger 3.0 system. During the install I choose LDAP to access eDirectory. I then choose Yes to use SSL for LDAP connections.

When I am prompted to enter the path to the LDAP server's root certificate, I receive the following message:

Error: regular file /etc/ssl/servercerts does not exist.
Check to make sure the certificate has been exported and the path is correct.

The path contains the certificate and key PEM files. I've tried exporting the certificate to that path in DER format.

What exactly is the Messenger 3.0 install looking for regarding the LDAP server's root certificate?

Micro Focus Expert

Re: Messenger 3 Install Ldap SSL Certificate Location Error

Hi,

What are you using to export the eDirectory root certificate? iManager or ConsoleOne?

Let us know.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...

Super Contributor.

Re: Messenger 3 Install Ldap SSL Certificate Location Error

I used iManager to export.

Micro Focus Expert

Re: Messenger 3 Install Ldap SSL Certificate Location Error

Hi,

If memory serves me correctly, when the install of Messenger asks for the path to the certificate, you need to give the full path (case sensitive) and include the name of the certificate file. Does that shed any light on this for you?

Cheers,
Laura Buckley

Micro Focus Expert

Re: Messenger 3 Install Ldap SSL Certificate Location Error

Hi,

Further to what I've said above, just to double-check your process, I've found the following steps in some documentation:

1. From the Linux server, run ConsoleOne and connect to the eDirectory replica server.
2. Browse to the LDAP Server object in the tree, right-click the LDAP Server object, then select Properties.
3. Click the SSL/TLS Configuration tab. The certificate name is displayed in the Server Certificate field.
4. In the ConsoleOne tree, browse to the certificate that was displayed in the Server Certificate field.
5. Right-click the certificate, then select Properties.
6. Click the Certificate tab, then select Trusted Root Certificate.
7. Click Export.
8. Select No to not export the private key, then click Next.
9. Select File in binary DER format.
10. Specify the location and file name to save the certificate as, then click Next.
11. Click Finish to export the trusted root certificate.

During the Messenger installation, you need to specify the path to the trusted root certificate to use LDAP SSL.


I suggest that you do not overwrite the .pem files in your /etc/ssl directory, but rather store this certificate in a sub-directory of your actual Messenger install.

This little gem of information can be found in a rather obscure place in the documentation: https://www.novell.com/documentation/novell_messenger30/messenger30_install/data/b3n6bpd.html#b47oeoq

Let us know how it goes.

Cheers,
Laura Buckley

Super Contributor.

Re: Messenger 3 Install Ldap SSL Certificate Location Error

Is the Messenger install looking specifically for the .der file or .pem file?

I will attempt to include the certificate name when prompted for the path.

I thought that I read in the install documentation that the install will actually copy the certificate information from the exported SSL certificate location specified to the /opt/novell/messenger install directory, but I do need to verify that.

Thanks for your help. I will post my findings.

Super Contributor.

Re: Messenger 3 Install Ldap SSL Certificate Location Error

Laura, you are correct, the install is looking for the specific certificate file to be included in the path.

ex: /etc/ssl/servercerts/TrustedRootCert.der

Same requirement if selecting yes to SSL Messenger Agents, but in that case it is looking for the .pem files.

ex: /etc/ssl/servercerts/servercert.pem and /etc/ssl/servercerts/serverkey.pem

Also, once the install is complete, it will copy those certificates to /opt/novell/messenger/certs, which is the reflected certificate location when looking at the Messenger security properties in eDirectory.

Thanks again for your help.
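
The findings in the post above, as an added pre-flight check that is not part of the thread or of the product documentation: the installer wants a regular file rather than the directory, in DER for the LDAP trusted root and PEM for the agent certificate and key. The function names are hypothetical, and the encoding check is an assumption-level heuristic that looks only at the file's leading bytes.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): pre-flight check for the certificate
# paths typed into the Messenger installer. It inspects only the path type
# and the file's leading bytes; it does not validate the certificate.

# Print one of: missing, directory, pem-cert, pem-key, der, unknown
cert_path_kind() {
    local path="$1" first_line="" first_byte
    if [ -d "$path" ]; then echo directory; return 0; fi
    if [ ! -f "$path" ]; then echo missing; return 0; fi
    IFS= read -r first_line < "$path" || true
    case $first_line in
        "-----BEGIN CERTIFICATE-----"*)    echo pem-cert; return 0 ;;
        "-----BEGIN "*"PRIVATE KEY-----"*) echo pem-key;  return 0 ;;
    esac
    # A DER-encoded X.509 certificate begins with an ASN.1 SEQUENCE tag, 0x30.
    first_byte=$(head -c 1 "$path" | od -An -tx1 | tr -d ' \n')
    if [ "$first_byte" = 30 ]; then echo der; else echo unknown; fi
}

# check_installer_path PATH WANTED   (WANTED: der, pem-cert or pem-key)
# Returns 0 only when PATH is a regular file whose kind equals WANTED.
check_installer_path() {
    local path="$1" wanted="$2" kind
    kind=$(cert_path_kind "$path")
    case $kind in
        directory)  echo "FAIL: $path is a directory; append the file name" ;;
        missing)    echo "FAIL: $path not found (paths are case sensitive)" ;;
        "$wanted")  echo "OK: $path ($kind)"; return 0 ;;
        *)          echo "FAIL: $path looks like $kind, expected $wanted" ;;
    esac
    return 1
}

# Usage with the paths from the post above:
#   check_installer_path /etc/ssl/servercerts/TrustedRootCert.der der
#   check_installer_path /etc/ssl/servercerts/servercert.pem pem-cert
#   check_installer_path /etc/ssl/servercerts/serverkey.pem pem-key
```

To confirm that a file classified as `der` really parses as a certificate, `openssl x509 -inform DER -in <file> -noout -subject` can be run against it.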

Micro Focus Expert

Re: Messenger 3 Install Ldap SSL Certificate Location Error

Hi,

Messenger will specifically look for your .der file.

Please let us know how it goes.

Cheers,
Laura Buckley

Micro Focus Expert

Re: Messenger 3 Install Ldap SSL Certificate Location Error

Hi,

Sorry, I missed this post before posting above.

Many thanks for reporting back your findings - that way we all learn.

So glad that you got it working 🙂

Cheers,
Laura Buckley
