Absent Member.
Absent Member.
2276 views

Certificate issues

I am getting "Use of key SSL CERTIFICATEIP failed" and apache and tomcat won't load. When I run pkidiag it fails at step 6 with:
*******************************************************
Step 6 Creating IP and DNS Certificates if necessary.
--> Number of Server IP addresses = 1
--> The default IP address is: 192.168.2.13
ERROR -1660572248. The KMO SSL CertificateIP exists, but I can't decode it.
PROBLEM: Need to rename 'SSL CertificateIP - ZIG_002.Market.Stores'.
Fix: Successfully changed 'SSL CertificateIP - ZIG_002.Market.Stores' to 'Old1 SSL CertificateIP - ZIG_002.Market.Stores'.
FIXING: Creating SSL CertificateIP (192.168.2.13)
Pausing for 5 seconds because of error 49934
ERROR 49934 creating SSL CertificateIP.
--> Number of Server DNS names for the IP address 192.168.2.13 = 1
--> The server's default DNS name is:
ZIG_002
ERROR -1240. The KMO SSL CertificateDNS exists, but we can't decode it.
PROBLEM: Need to rename 'SSL CertificateDNS - ZIG_002.Market.Stores'.
Fix: Successfully changed 'SSL CertificateDNS - ZIG_002.Market.Stores' to 'Old1 SSL CertificateDNS - ZIG_002.Market.Stores'.
FIXING: Creating SSL CertificateDNS (ZIG_002)
Pausing for 5 seconds because of error 49934
ERROR 49934 creating SSL CertificateDNS.
Step 6 failed 49934.


Note: Occasionally multiple problems will be solved with a single fix.

Fixable problems found: 0
Problems fixed: 0
Un-fixable problems found: 0
********************************************************
I am no expert when it comes to this kind of thing so any ideas would be appreciated.
Labels (1)
Tags (3)
0 Likes
3 Replies
Absent Member.
Absent Member.

I would guess there's no valid CA in that tree, would that be right?

Andrew C Taubman (Sorry, support is not provided via e-mail) Opinions expressed above are not necessarily those of Micro Focus.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

drylbrg wrote:

>
> I am getting "Use of key SSL CERTIFICATEIP failed" and apache and
> tomcat won't load. When I run pkidiag it fails at step 6 with:
> *******************************************************
> Step 6 Creating IP and DNS Certificates if necessary.
> --> Number of Server IP addresses = 1
> --> The default IP address is: 192.168.2.13
> ERROR -1660572248. The KMO SSL CertificateIP exists, but I can't
> decode it.
> PROBLEM: Need to rename 'SSL CertificateIP -
> ZIG_002.Market.Stores'.
> Fix: Successfully changed 'SSL CertificateIP -
> ZIG_002.Market.Stores' to 'Old1 SSL CertificateIP -
> ZIG_002.Market.Stores'.
> FIXING: Creating SSL CertificateIP (192.168.2.13)
> Pausing for 5 seconds because of error 49934
> ERROR 49934 creating SSL CertificateIP.
> --> Number of Server DNS names for the IP address 192.168.2.13 = 1
> --> The server's default DNS name is:
> ZIG_002
> ERROR -1240. The KMO SSL CertificateDNS exists, but we can't decode
> it.
> PROBLEM: Need to rename 'SSL CertificateDNS -
> ZIG_002.Market.Stores'.
> Fix: Successfully changed 'SSL CertificateDNS -
> ZIG_002.Market.Stores' to 'Old1 SSL CertificateDNS -
> ZIG_002.Market.Stores'.
> FIXING: Creating SSL CertificateDNS (ZIG_002)
> Pausing for 5 seconds because of error 49934
> ERROR 49934 creating SSL CertificateDNS.
> Step 6 failed 49934.


Go to the Ca object in the security container. Open it and check if
there is a hostserver attribute populated with a valid server name. If
not, delete it and recreate it. Run pkidiag on all servers in your tree
or use the iManager snapins for it to create all the default certs
(also for your linux servers).

All servers will require a reboot in order to start using the
certificates.



--
Cheers,
Edward
0 Likes
Absent Member.
Absent Member.

Go to the Ca object in the security container. Open it and check if
there is a hostserver attribute populated with a valid server name. If
not, delete it and recreate it. Run pkidiag on all servers in your tree
or use the iManager snapins for it to create all the default certs
(also for your linux servers).

All servers will require a reboot in order to start using the
certificates.



--
Cheers,
Edward

That makes sense. I'll try what you suggest. Thanks.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.