Certificate Problem after upgrade from oes 11 sp2 to sp3

Hello Community,

I upgrade an old OES 11 SP2 to SP3 and now I have the Problem that I forgot to double check the certificates.

Now I tried to recreate them by using ndsconfig upgrade or the iManager but both is not working. The System will not recreate new Certificates.

As you now I am not able to patch the system online because of the old TLS.

Any suggestions? This would be great

Regards

Peter

Parents
  • 0

    Hello Mathias, hello Greiner.

    I know it´s pretty old and I wanted to update the System today to 2023 or 2024. 

    I deleted the Objects several times and also the CA. I will not geting an error, it just won´t create new certificates. Even in iManager manually or in eh console by ndsconfig upgrade. The ca an the sas objects are recrated fine.

    These are the result of ndsconfig:

    Extending schema... Done
    For more details view schema extension logfile: /var/opt/novell/eDirectory/log/schema.log

    Configuring HTTP service... Done
    Configuring LDAP service... Done
    Configuring SNMP service... Done
    Configuring SAS service... Done
    Associating certificate with the NCP server object... INFO: Server is already associated with a certificate.
    Done
    Configuring NMAS service... Done
    Configuring SecretStore...
    INFO: SecretStore extensions have already been added to the server.Done
    Configuring LDAP Server with default SSL CertificateDNS certificate...
    INFO: LDAP Server is already associated with SSL CertificateDNS certificate.
    Done
    Triggering the 'External Reference Check' process... Done

    The interessting thing is, that the eDir is working and ldap as well even it has an outdated certificate.

    Best Peter

  • 0   in reply to 

    So you've deleted the "SSL CertificateDNS" for the server in question, ran "ndsconfig upgrade" and get the message "INFO: LDAP Server is already associated with SSL CertificateDNS certificate"? Is there a new eDir object for "SSL CertificateDNS"?

  • 0 in reply to   

    yes

  • 0   in reply to 

    And what are the start and end dates if this certificate and of the CA?

  • 0 in reply to   

    2017 to 2027 or with the new one to 2034

Reply Children