7003300: Identity Manager Error: SSL3_GET_RECORD:wrong version number

The connection between the Engine and the Remote Loader must be properly configured. For all drivers there is a 'RemoteLoader' configuration line available in either iManager or Designer. This line typically includes the following parameters:

hostname=ipAddressOrDNSNameOfServer port=8090

The parameter that configures SSL between the Remote Loader and the Engine is then added to the end of this line as follows:

hostname=ipAddressOrDNSNameOfServer port=8090 kmo='Certificate Short Name'



In this example the name of the certificate (an object of class 'NDSPKI:Key Material') associated with the server hosting the IDM (Identity Manager) engine is 'Certificate Short Name' and must be wrapped accordingly in single quotation marks. The full name of the certificate as shown in iManager or ConsoleOne would look something like the following:

Certificate Short Name -serverName

Via LDAP it may have looked like the following:

cn=Certificate Short Name -serverName,dc=servername,dc=server,dc=system

Keep in mind that only the short name of the certificate is used in the Key Material Object (KMO) parameter within the driver configuration. On the Remote Loader side the exported trusted root certificate from this certificate or the self-signed certificate from the tree CA should be imported per the Novell Identity Manager documentation.

If either the name of the certificate is specified incorrectly (lacking quotation marks, for example) or the certificate is specified on one side of the connection but not the other, then this error may be the result.
This error has also been seen with connection timeout issues. Setting handshaketimeout in the connection parameters has been reported to resolve the issue.
handshaketimeout=10000
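
The mistakes described above (an unquoted kmo value, the full certificate name or LDAP DN used instead of the short name, parameters run together without a space) can be checked before the driver is restarted. The following is an added example, not code from Novell or the Identity Manager product; the tokenisation rule, the function name lint_connection and the server_name argument are assumptions made for illustration.

```python
import re

# Assumed tokenisation: key=value pairs separated by spaces; a value is either
# wrapped in plain single quotes or contains no spaces.
TOKEN = re.compile(r"(\w+)=('[^']*'|\S+)")
SMART_QUOTES = "\u2018\u2019\u201c\u201d"


def lint_connection(line, server_name=None):
    """Return a list of problems in an engine-side connection parameter line."""
    problems, params, pos, last_key = [], {}, 0, None
    # Copy/paste from web pages often turns ' into typographic quotes.
    if any(q in line for q in SMART_QUOTES):
        problems.append("typographic quotes found; use plain single quotes")
    for m in list(TOKEN.finditer(line)) + [None]:
        end = m.start() if m else len(line)
        stray = line[pos:end].strip()
        if stray:
            # Words left over after kmo= usually mean the name was not quoted.
            hint = " (unquoted kmo value?)" if last_key == "kmo" else ""
            problems.append(f"stray text {stray!r}{hint}")
        if m is None:
            break
        last_key, value = m.group(1).lower(), m.group(2)
        if not value.startswith("'") and "=" in value:
            problems.append(f"{last_key}: value {value!r} contains '='; missing space?")
        params[last_key] = value
        pos = m.end()
    for key in ("port", "handshaketimeout"):
        if key in params and not params[key].isdigit():
            problems.append(f"{key}: expected a number, got {params[key]!r}")
    if "kmo" in params:
        name = params["kmo"].strip("'")
        if name.lower().startswith("cn="):
            problems.append("kmo: LDAP DN given; use only the certificate short name")
        elif server_name and name.lower().endswith(server_name.lower()):
            problems.append("kmo: full certificate name given; drop the server suffix")
    return problems
```

An empty list means the line passed these checks; it does not confirm that the Remote Loader side has the matching trusted root certificate imported.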
