Zan
New Member.

Linux Java Remote Loader: Error during SSL handshake

Hello,
I am fairly new to identity manager. I am trying to connect two OES2018 SP1 virtual machines, one has the IDM 4.7.2 and the other Java remote loader.
I want to connect them using mutual authentication, but I keep getting the following error:

<status level="error" type="remoteloader">java.io.IOException: Error during SSL handshake
at com.novell.nds.dirxml.remote.SocketStream.connect(SocketStream.java:643)
at com.novell.nds.dirxml.remote.Connection.connectStream(Connection.java:853)
at com.novell.nds.dirxml.remote.Connection.connect(Connection.java:507)
at com.novell.nds.dirxml.remote.driver.PublicationShimImpl.start(PublicationShimImpl.java:113)
at com.novell.nds.dirxml.engine.Publisher.run(Publisher.java:607)
at java.lang.Thread.run(Thread.java:748)
</status>


I tried different things like using any possible configuration, different kinds of certificates, different ways of exporting them, different kinds of certificate stores, from direct to certificate file java keystore.ks, and also tried renaming the subject in the client certificate to the name of the remote loader server, but nothing seems to work.

Could anyone help, or does anybody have any ideas?

I suspect the configuration file is wrong, but where? (any Linux Java remote loader configuration with mutual authentication file example would be greatly appreciated)
Current configuration (tried a lot of them but think this one should be ok, the problem I suspect must be in the connection part):

-description "Driver1"
-commandport 8000
-connection "port=8090 fromaddress=IDM.organization.si useMutualAuth=true keystore='/opt/netiqhttps://www.novell.com/common/jre/lib/security/vol1KMO_client.ks' key=vol1KMO handshaketimeout=0"
-trace 5
-tracefile "/root/Desktop/driver1.log"
-tracefilemax 100M
-class "this.one.does.not.matter"


Please ignore "https://www.novell.com"; it keeps getting inserted.

Another thing: Is there any way to get more information out of the error than just Error during SSL handshake?
cpedersen Outstanding Contributor.

Re: Linux Java Remote Loader: Error during SSL handshake

On 07.06.19 14:44, zan wrote:
>
> Hello,
> I am fairly new to identity manager. I am trying to connect two OES2018
> SP1 virtual machines, one has the IDM 4.7.2 and the other Java remote
> loader.
> I want to connect them using mutual authentication, but I keep getting
> the following error:
>
> <status level="error" type="remoteloader">java.io.IOException:
> Error during SSL handshake
> at
> com.novell.nds.dirxml.remote.SocketStream.connect(SocketStream.java:643)
> at
> com.novell.nds.dirxml.remote.Connection.connectStream(Connection.java:853)
> at com.novell.nds.dirxml.remote.Connection.connect(Connection.java:507)
> at
> com.novell.nds.dirxml.remote.driver.PublicationShimImpl.start(PublicationShimImpl.java:113)
> at com.novell.nds.dirxml.engine.Publisher.run(Publisher.java:607)
> at java.lang.Thread.run(Thread.java:748)
> </status>
>
> I tried different things like using any possible configuration,
> different kinds of certificates, different ways of exporting them,
> different kinds of certificate stores, from direct to certificate file
> java keystore.ks, and also tried renaming the subject in the client
> certificate to the name of the remote loader server, but nothing seems
> to work.
>
> *Could anyone help, or does anybody have any ideas?*
>
> *I suspect the configuration file is wrong, but where?* (any Linux Java
> remote loader configuration with *mutual authentication* file *example
> would be greatly appreciated*)
> Current configuration (tried a lot of them but think this one should be
> ok, the problem I suspect must be in the connection part):
>
> -description "Driver1"
> -commandport 8000
> -connection "port=8090 fromaddress=IDM.organization.si
> useMutualAuth=true
> keystore='/opt/netiq/common/jre/lib/security/vol1KMO_client.ks'
> key=vol1KMO handshaketimeout=0"
> -trace 5
> -tracefile "/root/Desktop/driver1.log"
> -tracefilemax 100M
> -class "this.one.does.not.matter"
>
> *Another thing: Is there any way to get more information out of the
> error than just Error during SSL handshake?*
>
>



Hi,

Did you try to export the public key from the self-signed certificate on
the CA, and then add that to an empty keystore?



Casper
Zan
New Member.

Re: Linux Java Remote Loader: Error during SSL handshake

Yes, but I think there is a problem in the configuration file, because I specify the keystore path and key name (which is vol1KMO); this is the private key, but where can I specify the name of the public key? They are a pair... perhaps that is the problem? The public key of the private key is the same key as the one in the Identity Manager... so to dumb it down:
Remote loader has a trust keystore; in it is: vol1KMO (private), trustedcert (public)
IDV has idmKMO KMO set as KMO, which is the same as trustedcert (public). I know that because I tried to import it into the same keystore in the remote loader and was notified that it already exists in the keystore.
If the problem is using the same public key, then how do I specify in the remote loader and IDV which private key they should use and which public key they should check?
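
As an added example (not part of the thread and not NetIQ's own tooling), the script below checks the text printed by `keytool -list` for the two things generic TLS mutual authentication needs from a keystore like the one described above: a private-key entry under the configured alias and at least one trusted-certificate entry for validating the peer. The sample listing is constructed; only the aliases `vol1KMO` and `trustedcert` come from the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check `keytool -list` output for TLS mutual-auth prerequisites.
# Constructed sample listing (not from the thread); only the aliases mirror the post.
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

vol1kmo, Jun 7, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>
trustedcert, Jun 7, 2019, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>'

# entry_type LISTING ALIAS -> prints the entry type for ALIAS, or nothing.
# keytool shows JKS aliases in lower case, so compare case-insensitively.
entry_type() {
    printf '%s\n' "$1" | awk -F', *' -v want="$2" '
        /Entry,[ \t]*$/ && tolower($1) == tolower(want) {
            t = $0; sub(/,[ \t]*$/, "", t); sub(/.*, */, "", t); print t; exit
        }'
}

# count_trusted LISTING -> number of trustedCertEntry lines in the listing.
count_trusted() {
    printf '%s\n' "$1" | awk '/trustedCertEntry,[ \t]*$/ { n++ } END { print n + 0 }'
}

# check_mutual_auth LISTING KEY_ALIAS -> prints a verdict; returns 0 only if the
# alias holds a private key and at least one trusted certificate is present.
check_mutual_auth() {
    etype=$(entry_type "$1" "$2")
    trusted=$(count_trusted "$1")
    if [ -z "$etype" ]; then
        echo "alias '$2' not found in keystore"; return 1
    elif [ "$etype" != "PrivateKeyEntry" ]; then
        echo "alias '$2' is a $etype: certificate only, no private key"; return 1
    elif [ "$trusted" -eq 0 ]; then
        echo "no trustedCertEntry: the peer's certificate cannot be validated"; return 1
    fi
    echo "ok: '$2' is a PrivateKeyEntry, $trusted trusted certificate(s) present"
}

# Against a real store (path is a placeholder):
#   check_mutual_auth "$(keytool -list -keystore /path/to/store.ks)" vol1KMO
check_mutual_auth "$SAMPLE_LISTING" vol1KMO
```
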