By default, the iManager Java keystore contains only the tree CA certificates and no third-party CA certificates. As a result, when eDirectory uses a certificate issued by a third-party CA, plug-ins such as Groups, NMAS, and Password Policy cannot connect to eDirectory over LDAPS and display error messages.
To troubleshoot this issue, perform the following steps:
Linux:
Import the external CA certificate into the JRE keystore file in the following location: /opt/novell/jdk1.8.0_66/jre/lib/security/cacerts
For more information about importing the external CA certificates, see Secure LDAP Certificates.
Restart the Tomcat service.
Windows:
Import the external CA certificate into the JRE keystore file in the following location: C:\Program Files\Novell\jre\lib\security\cacerts
For more information about importing the external CA certificates, see Secure LDAP Certificates.
Restart the Tomcat service.
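The Linux import step above can be scripted as follows. This is an added example, not code from the product documentation. It assumes `keytool` from the same JRE is on the PATH and that the keystore still uses the stock JRE password `changeit`. The alias and the expected SHA-256 fingerprint are values the operator supplies, with the fingerprint obtained from the CA out of band.

```shell
#!/bin/sh
# Added example, not vendor code. KEYSTORE defaults to the Linux path given on this page.
KEYSTORE="${KEYSTORE:-/opt/novell/jdk1.8.0_66/jre/lib/security/cacerts}"
STOREPASS="${STOREPASS:-changeit}"   # stock JRE default; assumed unchanged

# Strip colons/whitespace and upper-case hex so fingerprints compare reliably.
fp_norm() { printf '%s' "$1" | tr -d ': \t\n' | tr 'a-f' 'A-F'; }

# import_ca <cert-file> <alias> <expected-sha256>
# Returns: 0 imported, 2 bad input, 3 fingerprint mismatch, 4 alias in use, 5 import failed
import_ca() {
    cert=$1; ca_alias=$2; expected=$3
    if [ ! -r "$cert" ] || [ -z "$ca_alias" ] || [ -z "$expected" ] || [ ! -w "$KEYSTORE" ]; then
        echo "usage: import_ca <cert-file> <alias> <sha256>; keystore must be writable" >&2
        return 2
    fi

    # 1. Check the file against the fingerprint obtained out of band from the CA,
    #    because -noprompt below skips keytool's interactive trust confirmation.
    actual=$(keytool -printcert -file "$cert" 2>/dev/null |
             sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1)
    if [ -z "$actual" ] || [ "$(fp_norm "$actual")" != "$(fp_norm "$expected")" ]; then
        echo "SHA-256 fingerprint mismatch, not importing $cert" >&2
        return 3
    fi

    # 2. Refuse to reuse an alias that already exists in the trust store.
    if keytool -list -alias "$ca_alias" -keystore "$KEYSTORE" \
               -storepass "$STOREPASS" >/dev/null 2>&1; then
        echo "alias already present: $ca_alias" >&2
        return 4
    fi

    # 3. Back up the keystore, import the CA as a trusted root, then confirm it is listed.
    cp -p "$KEYSTORE" "$KEYSTORE.bak.$(date +%Y%m%d%H%M%S)" || return 5
    keytool -importcert -trustcacerts -noprompt -alias "$ca_alias" -file "$cert" \
            -keystore "$KEYSTORE" -storepass "$STOREPASS" || return 5
    keytool -list -alias "$ca_alias" -keystore "$KEYSTORE" \
            -storepass "$STOREPASS" >/dev/null || return 5
    echo "imported $ca_alias; restart the Tomcat service so iManager reloads the trust store"
}

# Run directly: ./import_ca.sh ca.pem thirdparty-root 'AA:BB:...'
if [ "$#" -eq 3 ]; then import_ca "$@"; fi
```

On Windows the same `keytool` arguments apply, with `-keystore` pointing at the `C:\Program Files\Novell\jre\lib\security\cacerts` path given above.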