Who Me Too'd this topic

Who Me Too'd this topic

Respected Contributor.
Respected Contributor.
569 views

edir REST API x509: certificate specifies an incompatible key

Good day everybody

I'm trying to set up the eDirectory REST services folowing the steps in this URL "https://www.netiq.com/documentation/edirectory-92/edir_admin/data/t48p80wuk3nd.html". without osp.

I've exported the following certificates via iManager:
-The certificate of the CA from eDir in b64 format (SSCert.pem)
-A standard certificate generated via iManager in a pfx format including the private key (keys.pfx)

When I start the container, it starts fine, printing the following output:

#>cat container-startup.log
Configuring eDirAPI Server...
Creating config mode file @ /etc/opt/novell/eDirAPI/conf/.configured
Generating key-pairs...Storing password securely...
Successfully written the password of admin,sa,system to the local secret config file
Setting IDCONSOLEMODE from Environment to false

However, the edirapi.log throws the following error:

#>cat edirapi.log
{"ldapServer":"192.168.56.202:636","level":"fatal","msg":"LDAP Result Code 200 \"Network Error\": x509: certificate specifies an incompatible key usage","time":"Friday, 11-Sep-20 02:06:49 UTC"}

I've tried different combinations of key usages in the pfx certificate but the error persists. I've also tried changing the "loglevel" to "debug/info" parameter in the "edirapi.conf" file but I haven't been able to get more details on this error.

Does anybody know what's the correct key usage specification for this certificate? Has anyone been able to set up this edirapi container?

We are running eDirectory for Linux x86_64 v9.2 [DS]

Thanks in advance for your help.

Who Me Too'd this topic
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.