gtejo1 Absent Member.

IDM - UserApplication - Certificate error - Code(-9205)

Hello everyone, I continue insisting with the errors in the certificates. In the process of doing a clean install of the User Application 4.7, with IDM 4.7, once I had set up SSL on Tomcat, I started Tomcat successfully and entered the login page of the UserApp. But now, when I try to log in, I get these errors:
In the frontend:



And in the tomcat log:




Doing some Google research, I came across these support posts:
https://support.microfocus.com/kb/doc.php?id=7022364
https://support.microfocus.com/kb/doc.php?id=7018047

Both tell me the same thing, that the IDM engine certificate is not the same as the User Application certificate. So I imported the certificate used by the User Application into the IDM cacerts (in the path /opt/netiq/common/jre/lib/security) and restarted eDirectory. The error continues. So I downloaded KeyStore Explorer and opened both keystores side by side; this is what I can see (left for the User Application keystore, right for the IDM eDirectory keystore):



Both certificates are the same, expire on exactly the same date and both are the same version. So now the IDM engine and the UserApplication have the same certificate. Why does this error continue?
Knowledge Partner

Re: IDM - UserApplication - Certificate error - Code(-9205)

On 4/17/2019 11:44 AM, gtejo wrote:
>
> Hello everyone, I continue insisting with the errors in the certificates.
> In the process of doing a clean install of the User Application 4.7,
> with IDM 4.7, once I had set up SSL on Tomcat, I started Tomcat
> successfully and entered the login page of the UserApp. But now, when I
> try to log in, I get these errors:
> In the frontend:
>
> [image: https://i.imgur.com/cNnigVP.png]
>
> And in the tomcat log:
>
> [image: https://i.imgur.com/spHtYbK.png]
>
>
> Doing some Google research, I came across these support posts:
> https://support.microfocus.com/kb/doc.php?id=7022364
> https://support.microfocus.com/kb/doc.php?id=7018047
>
> Both tell me the same thing, that the IDM engine certificate is not the
> same as the User Application certificate. So I imported the certificate
> used by the User Application into the IDM cacerts (in the path
> /opt/netiq/common/jre/lib/security) and restarted
> eDirectory. The error continues. So I downloaded KeyStore
> Explorer and opened both keystores side by side; this is what I can
> see (left for the User Application keystore, right for the IDM eDirectory
> keystore):
>
> [image: https://i.imgur.com/QTc5kkw.png]
>
> Both certificates are the same, expire on exactly the same date and
> both are the same version. So now the IDM engine and the
> UserApplication have the same certificate. Why does this error continue?


As I keep noting, not just cacerts. Also in the tomcat and osp keystores.

gtejo1 Absent Member.

Re: IDM - UserApplication - Certificate error - Code(-9205)

That was the solution geoffc!! Thank you very much and have a good day!
Knowledge Partner

Re: IDM - UserApplication - Certificate error - Code(-9205)

On 4/17/2019 12:14 PM, gtejo wrote:
>
> That was the solution geoffc!! Thank you very much and have a good day!


There is no harm in over trusting CA certs, so blast those suckers into
all three keystores. (Do not forget the NAM cert for SAML if you are
using it).
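
The fix in this thread was that the CA had to be present in the cacerts, tomcat and osp keystores, not just one of them. The following is an added example, not code from the thread or from Micro Focus: it parses saved `keytool -list` output from each keystore and reports which ones lack the CA fingerprint. The listings, aliases and fingerprints are constructed sample data.

```python
import re

# Two-line entry format printed by `keytool -list`:
#   <alias>, <date>, <entry type>,
#   Certificate fingerprint (<algorithm>): <hex pairs>
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,\n]+), .*?, (?P<type>trustedCertEntry|PrivateKeyEntry),\s*\n"
    r"Certificate fingerprint \((?P<alg>[^)]+)\): (?P<fp>[0-9A-Fa-f:]+)",
    re.MULTILINE,
)

def normalize(fp):
    """Strip colons and upper-case so fingerprints compare reliably."""
    return fp.replace(":", "").upper()

def fingerprints(listing):
    """Return {alias: (entry_type, algorithm, fingerprint)} for one listing."""
    return {m["alias"].strip(): (m["type"], m["alg"], normalize(m["fp"]))
            for m in ENTRY_RE.finditer(listing)}

def stores_missing(ca_fp, listings):
    """Names of keystores in which no entry carries the CA fingerprint."""
    want = normalize(ca_fp)
    return [name for name, text in listings.items()
            if want not in {fp for _, _, fp in fingerprints(text).values()}]

# Constructed fingerprints (not real certificates).
CA_FP = "0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:00:11:22:33"
SRV_FP = "FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC"

# Constructed `keytool -list` output for the three keystores named in the
# thread; here the CA was imported into cacerts and osp but not tomcat.
LISTINGS = {
    "cacerts": f"tree-ca, Apr 17, 2019, trustedCertEntry, \n"
               f"Certificate fingerprint (SHA1): {CA_FP}\n",
    "tomcat": f"tomcat, Apr 17, 2019, PrivateKeyEntry, \n"
              f"Certificate fingerprint (SHA1): {SRV_FP}\n",
    "osp": f"osp, Apr 17, 2019, PrivateKeyEntry, \n"
           f"Certificate fingerprint (SHA1): {SRV_FP}\n"
           f"tree-ca, Apr 17, 2019, trustedCertEntry, \n"
           f"Certificate fingerprint (SHA1): {CA_FP}\n",
}

if __name__ == "__main__":
    for name in stores_missing(CA_FP, LISTINGS):
        print(f"CA fingerprint not found in {name} keystore")
```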

