We've a remote driver (connected by remote loader) running ok. Now we
would like to encrypt the connection (using SSL).

Following the documentation (IDM 3.5), we've exported the self-signed
certificate to a file (only the public key and using b64 format).

And finally, we've copied the file to the remote host, modified the
remote loader parameters and modified the remote loader connection
parameters in the driver properties.

When we restarted the driver, no communication appears to be established
(the remote loader log shows it was expecting an SSL connection).
Looking at the driver log, this error was shown:

DirXML Log Event -------------------
Driver: \METADIRLAB\ORG\DrvSet\Drv
Channel: Publisher
Status: Error
Message: java.io.IOException: Unable to read certificate,
error:1412D194:SSL routines:SSL_CTX_use_KMO:read cache failed,
error:1412D198:SSL routines:SSL_CTX_use_KMO:Get server KMO failed
at com.novell.nds.ntls.NTLSSocket.SSL_CTX_new(Native Method)
at com.novell.nds.ntls.NTLSSocket.SSL_CTX_new(NTLSSocket.java:575)
at com.novell.nds.ntls.NTLSSocket.connect(NTLSSocket.java:220)
at java.net.Socket.connect(Unknown Source)
at com.novell.nds.ntls.NTLSSocket.<init>(NTLSSocket.java:189)
at com.novell.nds.ntls.NTLSSocket.<init>(NTLSSocket.java:95)
at com.novell.nds.dirxml.driver.ssl.ntls.NTLSKmoFactory.createSocket(NTLSKmoFactory.java:128)
at com.novell.nds.dirxml.remote.SocketStream.connect(SocketStream.java:419)
at com.novell.nds.dirxml.remote.Connection.connectStream(Connection.java:654)
at com.novell.nds.dirxml.remote.Connection.connect(Connection.java:336)
at com.novell.nds.dirxml.remote.driver.PublicationShimImpl.start(PublicationShimImpl.java:113)
at com.novell.nds.dirxml.engine.Publisher.run(Publisher.java:388)
at java.lang.Thread.run(Unknown Source)

The certificate object DN we're using is METADIRLAB CA.Security
(METADIRLAB is our tree name); and the exported file name
is "METADIRLAB_CA.b64".

The only change we've made in driver configuration has been adding an
additional field in "remote connection parameters" tag:
(before) hostname=aa.bb.cc.dd port=xxxx
(after) hostname=aa.bb.cc.dd port=xxxx kmo=METADIRLAB_CA


--
luisfe