Setting up SSL on iFolder 3.7 with AD
Posted by henderslice, 18-Aug-2009, 10:28 AM

I am trying to set up an SSL connection between our iFolder 3.7 server and our Active Directory server. I am running through the simias-server-setup script, and when it comes time for the certificate to be given to the iFolder server I get an error:

Installing certificate from ldaps://AD Server/...
Ldap certificate :

Mono Certificate Manager - version 1.2.6.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2007 Novell. BSD licensed.


X.509 Certificate v3
Issued from: DC=x, DC=x, DC=x, CN=AD Server
Issued to: CN=AD Server
Valid from: 01/24/2009 16:56:04
Valid until: 01/24/2010 16:56:04


----- ACCEPT LDAP CERTIFICATE -----


Accept LDAP Certificate? [Y]:
Done
Connecting to ldaps://AD Server/...Detected errors in the Server Certificate:
-2146762486
Failed

LdapException: (91) Connect Error
System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server.
at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x00000]
at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00000]
at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000]
at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000]
at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000]
--- End of inner exception stack trace ---

at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000]
at Novell.Directory.Ldap.LdapResponse.chkResultCode () [0x00000]
at Novell.Directory.Ldap.LdapConnection.chkResultCode (Novell.Directory.Ldap.LdapMessageQueue queue, Novell.Directory.Ldap.LdapConstraints cons, Novell.Directory.Ldap.LdapResponse response) [0x00000]
at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version, System.String dn, System.SByte[] passwd, Novell.Directory.Ldap.LdapConstraints cons) [0x00000]
at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version, System.String dn, System.String passwd, Novell.Directory.Ldap.LdapConstraints cons) [0x00000]
at Novell.Directory.Ldap.LdapConnection.Bind (System.String dn, System.String passwd, AuthenticationTypes authenticationTypes) [0x00000]
at Novell.Directory.Ldap.LdapConnection.Bind (System.String dn, System.String passwd) [0x00000]
at Novell.iFolder.Utility.LdapUtility.Connect () [0x00000]
at Novell.iFolder.SimiasServerSetup.SetupLdap () [0x00000]
at Novell.iFolder.SimiasServerSetup.Configure () [0x00000]
at Novell.iFolder.SimiasServerSetup.Main (System.String[] args) [0x00000]

FAILED

We have revoked this cert and generated a new one, but iFolder still seems to want this particular cert. How does iFolder decide what certificate it wants if there are multiple certs on the box? Is this a setting I can change? Any advice would be greatly appreciated.

Also, I can get iFolder to work fine if I do not set up LDAP to be secure.

Thanks,
Jon
Tags
active directory, ifolder 3.7, ssl authentication

All times are GMT -6.

