Cannot establish a SSL connection to the Remote Loader.

(Last modified: 02Apr2004)

This document (10092257) is provided subject to the disclaimer at the end of this document.

fact

Nsure Identity Manager 2.0

DirXML Remote Loader

symptom

Cannot establish a SSL connection to the Remote Loader.

DirXML trace shows error: SSL protocol failure: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Did follow the steps on page 45/46 of the Nsure Identity Manager Admin Guide (January 15, 2004) step by step.

cause

In the documentation at step 6 and 7 it is not mentioned which certificate you need to export. The Certificates tab has two certificates available to be exported, the Public Key and the Self-signed certificates. The error will occur if you export the first one (Public Key).

fix

You need to select the Self Signed Certificate and export it without the private key and in b64 format.

When you now start the remote loader with this certificate a SSL connection will be established.

note

In order to see the error you may need to set the trace on the Remote Loader level 4 and then checking the trace, you can see following error:

DirXML: [03/30/04 17:12:37.54]:
DirXML Log Event -------------------
    Thread  = Subscriber Channel
    Level   = error
    Message = SSL protocol failure: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

document

Document Title: Cannot establish a SSL connection to the Remote Loader.
Document ID: 10092257
Solution ID: NOVL96339
Creation Date: 01Apr2004
Modified Date: 02Apr2004
Novell Product Class:DirXML

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.