Hi All,

I am trying to configure a RACF driver with SSL enabled.
1. I tried to run the SETCERT command as given in the PDF in order to secure
my driver shim. But I got this error.

"UPON CONNECTING THE DRIVER WAS UNABLE TO LOCATE CA. MAKE SURE YOUR
SYSTEM HAS A SOURCE OF ENTROPY TO BE USED BY SSL AND YOUR LDAP SERVER IS
CONFIGURED PROPERLY WITH SSL"

2. So after that I tried to manually provide the certificate.

I EXPORTED THE SELF SIGNED CERTIFICATE FROM IMANAGER IN BASE64 FORMAT
AND USING OPENSSL I CONVERTED IT TO .PEM. AND PLACED THE CERTIFICATE IN
DESIRED PATH AT RACF END.

3. After that I configured all other components at the RACF end, and they
started successfully without any error.

4. But when I am starting my driver, it is throwing the below error.

[11/01/14 02:16:24.408]:dracf ST:Remote Interface Driver: start
getSchema()
[11/01/14 02:16:24.408]:dracf ST:Remote Interface Driver: Opening
connection...
[11/01/14 02:16:24.408]:dracf ST:Remote Interface Driver: Client socket
parameters: hostname = '172.25.235.1' port = 8090 KMO = 'SSL
CertificateDNS' SSL mode = server
[11/01/14 02:16:24.409]:dracf ST:Remote Interface Driver: Creating an
NTLSSocket
[11/01/14 02:16:25.151]:dracf ST:Remote Interface Driver: end
getSchema()
[11/01/14 02:16:25.151]:dracf ST:DriverShim.getSchema() returned:
[11/01/14 02:16:25.151]:dracf ST:
<nds dtdversion="4.0" ndsversion="8.x">
<output>
<status level="fatal" type="remoteloader">java.io.IOException: SSL
handshake failed, SSL_ERROR_ZERO_RETURN, error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca</status>
</output>
</nds>
[11/01/14 02:16:25.153]:dracf ST:
DirXML Log Event -------------------
Driver: \SEI\system\SEI Driver Set\DRACF
Status: Fatal
Message: java.io.IOException: SSL handshake failed,
SSL_ERROR_ZERO_RETURN, error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca.


Please let me know what is wrong here. Also, why did the driver shim
not pick up the certificate automatically when I ran the SETCERT command?


Regards,


--
zeeshan_cts
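
Added example, not part of the original post and not NetIQ code: a small decoder for the packed OpenSSL error code in the trace above (`error:14094418`). It assumes the OpenSSL 1.x layout (8-bit library, 12-bit function, 12-bit reason); the function name `decode_openssl_error` and the alert table are illustrative.

```python
import re

# OpenSSL 1.x packs an error as: 8-bit library | 12-bit function | 12-bit reason.
ERR_LIB_SSL = 0x14            # library number of the SSL routines
ALERT_REASON_OFFSET = 1000    # SSL reasons above this encode a TLS alert read from the peer

# Subset of TLS alert descriptions (RFC 5246, section 7.2) tied to certificate checks.
TLS_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

# Status line from the trace in the post, rejoined onto one line.
SAMPLE = ("java.io.IOException: SSL handshake failed, SSL_ERROR_ZERO_RETURN, "
          "error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca")


def decode_openssl_error(line):
    """Split the packed code in a log line into library, function and reason."""
    match = ERR_RE.search(line)
    if match is None:
        return None  # no OpenSSL error code on this line
    code = int(match.group(1), 16)
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    # For the SSL library, reason = 1000 + alert number means the alert
    # arrived from the remote endpoint rather than being raised locally.
    from_peer = lib == ERR_LIB_SSL and reason > ALERT_REASON_OFFSET
    alert = reason - ALERT_REASON_OFFSET if from_peer else None
    return {
        "lib": lib,
        "func": func,
        "reason": reason,
        "alert_from_peer": from_peer,
        "alert": alert,
        "alert_name": TLS_ALERTS.get(alert, "other") if from_peer else None,
    }


if __name__ == "__main__":
    print(decode_openssl_error(SAMPLE))
```

A reason in the alert range means the remote endpoint sent the alert, so the trust store to inspect is the one on the side that received this endpoint's certificate.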