How to replace certificates in the userapp

2009-08-11

  • DirXML 2.0 (NSure Identity Manager)

Summary

The userapp shows error 500 when the link is followed.

Solution

Status: Awaiting Customer Action -> Active

The CA has been re-created on this site, so the CA certificate in the Java keystore cacerts file is no longer valid.

The default keystore password is:- changeit

Find the keystore that the userapp is using:-

find / -name "cacerts" -print

The valid one should be in a directory path like:- ../novell/idm/jre/lib/security

View the keystore:-

keytool -list -keystore cacerts

This was showing the following:-
Certificate fingerprint (MD5): 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24
o=harper, ou=organizational ca, 12-Apr-2007, trustedCertEntry,

Export the tree CA with openssl and convert it from PEM to DER format:-

openssl s_client -host 127.0.0.1 -port 636 -showcerts > cert.info
Open the cert.info file and search for the Organizational CA, which looks like...

1 s:/OU=Organizational CA/O=SL-MARA
i:/OU=Organizational CA/O=SL-MARA
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIkAhwR7NDveqBk7Yap75iadAiKO2dyqtAN88Y9aqr+AgIB

Copy from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- and paste to a new file, saving in the format of a .pem file (such as cert.pem).

Convert the .pem format certificate into .der format by using the x509 command:-

openssl x509 -in cert.pem -out cert.der -outform der

Next, back up the cacerts keystore file:-

cp cacerts cacerts.bak

Remove the old CA entry from the cacerts keystore:-
keytool -delete -alias "alias name" -keystore cacerts

Add the new CA to the cacerts keystore:-
keytool -import -trustcacerts -alias "alias name" -file cert.der -keystore cacerts

keytool -list -keystore cacerts now shows:-

Certificate fingerprint (MD5): 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24
o=harper, ou=organizational ca, 04-Aug-2009, trustedCertEntry,
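
The manual copy-and-paste of the CA block from cert.info can be scripted. This is an added example, not part of the original article: a shell function that pulls the self-signed CA certificate out of saved s_client -showcerts output. The function names and the sample chain (server CN and base64 bodies) are constructed for illustration.

```shell
# Print the PEM block of the chain entry whose subject equals its issuer
# (self-signed) and contains the text in $1. Reads s_client output on stdin.
# Exits non-zero unless exactly one such certificate is found.
extract_ca_pem() {
    awk -v want="$1" '
        /^ *[0-9]+ s:/ { subj = $0; sub(/^ *[0-9]+ s:/, "", subj); take = 0; next }
        /^ *i:/        { iss = $0; sub(/^ *i:/, "", iss)
                         take = (subj == iss && index(subj, want) > 0); next }
        /^-----BEGIN CERTIFICATE-----$/ { inpem = 1 }
        inpem && take  { print }
        /^-----END CERTIFICATE-----$/   { if (inpem && take) found++
                                          inpem = 0; take = 0 }
        END { exit (found == 1 ? 0 : 1) }
    '
}

# Constructed stand-in for cert.info; the base64 lines are placeholders,
# not real certificates.
sample_cert_info() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/O=SL-MARA/CN=ldap-server
   i:/OU=Organizational CA/O=SL-MARA
-----BEGIN CERTIFICATE-----
TEVBRi1QTEFDRUhPTERFUi1MSU5FLTE=
-----END CERTIFICATE-----
 1 s:/OU=Organizational CA/O=SL-MARA
   i:/OU=Organizational CA/O=SL-MARA
-----BEGIN CERTIFICATE-----
Q0EtUExBQ0VIT0xERVItTElORS0x
Q0EtUExBQ0VIT0xERVItTElORS0y
-----END CERTIFICATE-----
---
Server certificate
-----BEGIN CERTIFICATE-----
TEVBRi1QTEFDRUhPTERFUi1MSU5FLTE=
-----END CERTIFICATE-----
EOF
}

# Real use: extract_ca_pem "Organizational CA" < cert.info > cert.pem
sample_cert_info | extract_ca_pem "Organizational CA"
```

Before importing, check the result with openssl x509 -in cert.pem -noout -fingerprint and compare it against a fingerprint obtained from the CA administrator, because anything imported into cacerts becomes a trust anchor for the userapp.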

THE INFORMATION IN THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS WITHOUT WARRANTY OF ANY KIND. PROVIDER SPECIFICALLY DISCLAIMS ANY OTHER WARRANTY, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL PROVIDER BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL OR INCIDENTAL DAMAGES, EVEN IF PROVIDER HAS BEEN ADVISED BY USER OF THE POSSIBILITY OF SUCH POTENTIAL LOSS OR DAMAGE. USER AGREES TO HOLD PROVIDER HARMLESS FROM AND AGAINST ANY AND ALL CLAIMS, LOSSES, LIABILITIES AND EXPENSES.