Some of you may have struck the “Certificates does not conform to algorithm constraints” issue with Sentinel and been a bit confused by the original response stated in TID 7014219: “A proper resolution is to use custom certificates on the logging applications that use strong encryption (key sizes of 1024 or more). Once all applications have been updated, the restriction can be put back in place.”
When it comes to eDirectory, Identity Manager, iManager, and Access Manager, the default certificate is actually buried in the Platform Agent (PA) binaries that are distributed with each product, so rectifying it requires a patch from engineering.
Fixes are now available (most of the bugs are restricted to Attachmate employees, so you may get a “You are not authorized to access bug #xxxxxx” message if you try to view them).
Identity Manager Bug 859236 was recently resolved, and the fix is available in the upcoming v4.5 release. If you run the current v4.0.2 release, you need to raise a Service Request to obtain the patch for this bug (remember to reference the bug number in your SR).
When patching eDirectory and Identity Manager, make sure the lcache process is stopped first (it does not stop when eDirectory stops):
ps -ef | grep -i lcache
kill -9 insert-lcache-pid-here
The lcache process will automatically start again with eDirectory.
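The `grep -i lcache` command above also lists the grep process itself, so a PID copied from its output can be the wrong one. As an added example (not from the original article or from NetIQ), this script selects PIDs by command name and confirms lcache is gone before patching; the `/path/to/...` entries and the sample `ps -ef` output are constructed placeholders.

```shell
#!/bin/sh
# Added example: pick lcache PIDs safely from `ps -ef` output, then stop them.

# Read `ps -ef` output on stdin and print the PID (column 2) of every process
# whose command basename (column 8) is exactly "lcache". Matching the command
# field instead of the whole line skips `grep -i lcache` itself and any
# process that merely has "lcache" somewhere in its arguments.
lcache_pids() {
    awk '{
        n = split($8, parts, "/")
        if (tolower(parts[n]) == "lcache") print $2
    }'
}

# Stop every lcache process (kill -9, as in the article) and wait up to
# five seconds for them to disappear. Returns non-zero if any survive,
# so a patch script can refuse to continue.
stop_lcache() {
    pids=$(ps -ef | lcache_pids)
    [ -z "$pids" ] && return 0
    # Word splitting is intended here: one argument per PID.
    kill -9 $pids 2>/dev/null
    i=0
    while [ "$i" -lt 5 ]; do
        [ -z "$(ps -ef | lcache_pids)" ] && return 0
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# Constructed sample of `ps -ef` output (paths are placeholders).
sample_ps() {
    cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root      2290     1  0 09:12 ?        00:01:10 /path/to/ndsd
root      2314     1  0 09:12 ?        00:00:03 /path/to/lcache
root      2315  2314  0 09:12 ?        00:00:00 /path/to/lcache
admin     4102  3990  0 10:40 pts/0    00:00:00 grep -i lcache
admin     4107  3990  0 10:41 pts/0    00:00:00 vi /tmp/lcache-notes.txt
EOF
}

# Typical use before applying the patch:
#   stop_lcache || { echo "lcache still running, not patching" >&2; exit 1; }
```

Running `sample_ps | lcache_pids` prints only the two lcache PIDs from the constructed sample and ignores the grep and vi lines.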
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.