nicolasosorio Regular Contributor.

Expired CA and Server Certificates

Hi everyone,

Scenario:

1. CA (Certificate Authority) is expired
2. Server certificates are expired or unable to read CRL (the ones which are not expired)

Procedure:

Delete CA:

  1. From “Directory Administration” -> Delete Object

Create new CA:

  1. From “NetIQ Certificate Server” -> Configure Certificate Authority
  2. Standard creation. (We tried with custom too)
  3. Restart eDirectory.

Then we tried to Create Default Certificates and Repair Default Certificates and both actions give us the following errors:

iManager error:
"Server Certificate (Key Material) Creation Error
There was an error while trying to create the Server Certificate. You need to delete the Server Certificate, if it exists, and start the creation process again.
The error code is: "

PKIHealth.log:
Step 6 Create Default Certificates
PKI_NPKICreateContext returned 0.
PKI_NPKISetTreeName returned 0.
PKI_NPKIDSLoginAsServer returned 0.
error 49186 from NPKICreateDefaultCertificates.
Step 6 failed 49186.

Environment:
Only one server
eDirectory 9 SP3 Patch 1 40005.13
iManager 3.0.3.2
IDM 4.5.6
Tomcat 8
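
A small triage parser for the PKIHealth.log excerpt in the post above, as an added example that is not part of the original post or of NetIQ's tooling: it groups the lines by step and reports which call failed, with which code, and the last call that succeeded. The line formats and the reading of `returned 0` as success are assumptions taken from the six quoted lines; the script does not interpret error 49186.

```python
import re

# Excerpt quoted in the post above; the line shapes below are assumed from it.
SAMPLE_LOG = """\
Step 6 Create Default Certificates
PKI_NPKICreateContext returned 0.
PKI_NPKISetTreeName returned 0.
PKI_NPKIDSLoginAsServer returned 0.
error 49186 from NPKICreateDefaultCertificates.
Step 6 failed 49186.
"""

STEP_FAILED = re.compile(r"^Step (\d+) failed (-?\d+)\.$")
STEP_START = re.compile(r"^Step (\d+) (.+)$")
CALL_RETURN = re.compile(r"^(\w+) returned (-?\d+)\.$")
CALL_ERROR = re.compile(r"^error (-?\d+) from (\w+)\.$")

def parse_pki_health(text):
    """Group log lines into steps with their calls, errors and failure code."""
    steps, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := STEP_FAILED.match(line):  # must be tested before STEP_START
            if current and current["step"] == int(m.group(1)):
                current["failed_code"] = int(m.group(2))
        elif m := STEP_START.match(line):
            current = {"step": int(m.group(1)), "name": m.group(2),
                       "calls": [], "errors": [], "failed_code": None}
            steps.append(current)
        elif current is not None:
            if m := CALL_RETURN.match(line):
                current["calls"].append((m.group(1), int(m.group(2))))
            elif m := CALL_ERROR.match(line):
                current["errors"].append((m.group(2), int(m.group(1))))
    return steps

def failed_steps(steps):
    """Return one summary per step that logged an error or a non-zero return."""
    out = []
    for s in steps:
        # Assumption: a return value of 0 means the call succeeded.
        bad = s["errors"] + [(f, c) for f, c in s["calls"] if c != 0]
        if bad or s["failed_code"] is not None:
            ok = [f for f, c in s["calls"] if c == 0]
            out.append({"step": s["step"], "name": s["name"], "code": s["failed_code"],
                        "failing_calls": bad, "last_ok": ok[-1] if ok else None})
    return out

if __name__ == "__main__":
    for failure in failed_steps(parse_pki_health(SAMPLE_LOG)):
        print(failure)
```
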

Re: Expired CA and Server Certificates

I've heard of some similar errors from others, but always on the 9.0 and
3.0 versions of eDirectory and iManager, respectively. Could you test
with eDirectory 9.1 and iManager 3.1 to see if it is resolved there?

Another option may be to try the 'ndsconfig upgrade' command on the
eDirectory box to see if it will recreate your default certificates for
you that way.


--
Good luck.
