Problem:
After upgrading to SCM 12.6 and putting the SSL Certificate out to the site, we are unable to access LDAP information from the SCM server.
Environment:
Red Hat Linux 6 Broker.
Cause:
The SSL Certificates were not correct. The certificate that we were trying to use was not enough on its own: the tlstrcert option in hauthtst required a Certificate chain. The certificate that was generated was certchain.pem. It included the root and subordinate keys from the LDAP server. A private key was also required.
Resolution:
1. Step One: The initial verification of the Certificates should be done outside the Harvest command set as follows.
openssl s_client -CApath <path to certificate> -CAfile "<certificate file name>" -connect <Ldap server fully qualified>:<Ldap port, std=636>
You must see "verify return:1" in the top returned message.
2. Step Two: After successful openssl verification, move on to the hauthtst command to verify on the Harvest side as follows:
hauthtst -authmode=openldap "username of the testing user" -ldapmode=SSL -ldapport=636 -ldapserver=<where the LDAP Server is located> -ldapbasedn="<As defined by the LDAP Administrator>" -ldapbinddn="<As defined by the LDAP Administrator>" -ldapbindpw="********" -ldapfilter="<As defined by the LDAP Administrator>" -ldapattrusrname=<As defined by the LDAP Administrator> -tlskeyfile="<As defined by the LDAP Administrator>" -tlstrcertfile="<path and name of file generated in step one>" -ldapdebuglevel=-1
3. Step Three: After successful connection, create a dfo file using the userid and password in the previous command. Replace option -ldapbindpw="********" with -ldapbindpwfile="<encrypted password file name>". Run the hauthtst command again.
4. Step Four: When successful, populate the HServer.arg file with the options in the previous command. Leave out -ldapdebuglevel=-1.
You should be ready to start the Broker process and verify the Hservers start properly. Verify that Workbench can log in to the broker.
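The Step One check can be scripted. The following is an added example, not part of the original article or of the Harvest tooling: it reads openssl s_client output and passes only when "verify return:1" appears with no "verify error" line and a zero final return code, because s_client can still print "verify return:1" after reporting a chain error. The function names, host name and CA names are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge `openssl s_client` output from Step One.
# Live use (placeholders as in Step One):
#   openssl s_client -CAfile certchain.pem -connect <ldap host>:636 </dev/null 2>&1 | check_sclient

# Reads s_client output on stdin, prints a verdict, returns 0 only if the chain verified.
check_sclient() {
    awk '
        BEGIN                 { maxd = 0 }
        /^depth=[0-9]+/       { sub(/^depth=/, ""); if ($1 + 0 > maxd) maxd = $1 + 0 }
        /^verify error:/      { errs++; if (first == "") first = $0 }
        /^verify return:1/    { ok++ }
        /Verify return code:/ { sub(/^.*Verify return code: */, ""); code = $1 + 0 }
        END {
            if (errs)  { print "FAIL: " first; exit 1 }
            if (!ok)   { print "FAIL: no verify return:1 line seen"; exit 1 }
            if (code)  { print "FAIL: Verify return code " code; exit 1 }
            print "OK: chain verified, deepest depth " maxd
        }'
}

# Constructed sample: root, subordinate and server certificate all verify.
sample_good() {
    cat <<'EOF'
depth=2 CN = Example Root CA
verify return:1
depth=1 CN = Example Subordinate CA
verify return:1
depth=0 CN = ldap.example.test
verify return:1
    Verify return code: 0 (ok)
EOF
}

# Constructed sample: the trust file lacks the issuing chain.
sample_missing_chain() {
    cat <<'EOF'
depth=0 CN = ldap.example.test
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = ldap.example.test
verify error:num=21:unable to verify the first certificate
verify return:1
    Verify return code: 21 (unable to verify the first certificate)
EOF
}
```

A deepest depth of 2 in the passing case corresponds to a root, a subordinate and the server certificate, which matches the chain described under Cause.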
Additional Information:
More information is available in the Harvest Implementation Guide, Chapter 15.