Hi there, I am having difficulty getting SSL going between the IDM
Engine and the Remote Loader for the Active Directory Driver.

The trace screen error I am getting on startup of the Remote Loader
is:

DirXML Log Event -------------------
Thread = Subscriber Channel
Level = fatal
Message = Error initializing connection to DirXML: SSL library
initialization error: error:0B084009:x509 certificate
routines:X509_load_cert_crl_file:PEM lib
DirXML: [06/18/09 20:29:47.44]: Loader: This instance is running as a
service. Use the service control manager to unload this instance.

The SSL setup I used is as follows:

I issued a custom server certificate signed by the NDS Tree CA,
accepted all defaults except for validity period which I set to maximum.
In the driver configuration I added kmo='<certificate name>' to the
Remote loader connection parameters. I also set 'Digitally sign and seal
communications' to Yes.

I also exported the Organisational CA's self-signed certificate without
private key as BASE64, copied it to the remote loader and configured it
as the trusted root file.

The IDM Engine is 3.5.1 Bundle Edition with IDM 3.5.1 Engine Patch 3
20080307
This is installed on OES2 SP1 / SLES10 SP2 with no additional patches.

The Remote Loader has been patched with IDM 3.6/3.5.1 Active Directory
Driver Version 3.5.4 Patch 2a 20081208.

The Remote Loader is hosted on a Windows Server 2003 R2 SP2 domain
controller.

The driver config file I used is ActiveDirectory-IDM3_5_1-V1.xml

What may I have missed here?

Thanks,

Andy


--
andy10
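
The trace above names OpenSSL's X509_load_cert_crl_file, which reads its input as PEM. The check below is an added example, not part of the original post or of any Novell tooling: it classifies the bytes of a trusted root file by the encoding problems that stop a PEM parser. The function name `diagnose_trusted_root` is hypothetical and the sample data is a constructed placeholder, not a real certificate.

```python
import base64
import binascii
import re
import sys

# PEM labels OpenSSL uses for certificates.
CERT_LABELS = {b"CERTIFICATE", b"X509 CERTIFICATE", b"TRUSTED CERTIFICATE"}
PEM_BLOCK = re.compile(
    rb"^-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL | re.MULTILINE,
)

def diagnose_trusted_root(data: bytes) -> str:
    """Classify a trusted-root file's bytes as a PEM parser would meet them."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return "utf16-text"            # saved as Unicode text; PEM is ASCII
    if len(data) > 1 and data[0] == 0x30 and data[1] & 0x80:
        return "der-binary"            # raw ASN.1 export, not base64 text
    match = PEM_BLOCK.search(data)
    if match is None:
        return "no-pem-markers"        # base64 body without BEGIN/END lines
    label, body = match.group(1), match.group(2)
    if label not in CERT_LABELS:
        return "wrong-label:" + label.decode("ascii")
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except binascii.Error:
        return "bad-base64"            # truncated or altered in transfer
    if len(der) < 2 or der[0] != 0x30:
        return "not-asn1-sequence"     # decodes, but is not a DER structure
    return "pem-certificate"

# Constructed sample: DER-shaped placeholder bytes, not a real certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(FAKE_DER)
    + b"-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    # Usage: python check_root.py <path to trusted root file>
    with open(sys.argv[1], "rb") as handle:
        print(diagnose_trusted_root(handle.read()))
```

A result of `pem-certificate` only means the file has the shape a PEM loader expects; it does not verify the certificate chain or the signature.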