Environment
Novell Certificate Server (PKIS)
Novell ConsoleOne
Novell iManager
Novell eDirectory 8.7.3 for Solaris
Situation
Error: Failed to store certificates into the certificate-name object.
The error code is -1,236. The object will be removed.
The server could not add the specific certificate as a trusted root
to the Server Certificate Object (also known as the Key Material
Object).
/proc/pid-of -ndsd-process/fd directory contains 256 or more files
ndstrace with +pkii shows a failure to create/open necessary files during certificate creation
PKI versions prior to 3.2 contain fopen calls which are limited to 256 file descriptors.
/proc/pid-of -ndsd-process/fd directory contains 256 or more files
ndstrace with +pkii shows a failure to create/open necessary files during certificate creation
PKI versions prior to 3.2 contain fopen calls which are limited to 256 file descriptors.
Resolution
Workaround:
Edit /usr/lib/nds-modules/ndsmodules.conf and comment out any module that isn't critical to the startup/basic function of ndsd. EX: httpstk, snmp, gams, nldap, imon, embox, dxevent and naudit.
Restart ndsd
Create the necessary certificates
Restore the /usr/lib/nds-modules/ndsmodules.conf file to it's previous state
Restart ndsd
Fix:
The problem has been reported to development and the fix is expected to be included in PKI versions 3.2 and later.
- Using iManager 2.6, click on the Create Server Certificate Link.
- Step 1
- Choose Host server
- Give the certificate a name after Nickname (Default SSL CertificateDNS or SSL CertificateIP)
- Click the Custom radio button
- Click Next
- Step 2
- Organizational certificate authority should be checked, just leave this as is.
- Click Next
- Step 3
- Leave as is and click Next
- Step 4
- Check "" and leave everything else as default
- Step 5
- Click Next leaving default settings.
- Step 6
- Click Finish
Edit /usr/lib/nds-modules/ndsmodules.conf and comment out any module that isn't critical to the startup/basic function of ndsd. EX: httpstk, snmp, gams, nldap, imon, embox, dxevent and naudit.
Restart ndsd
Create the necessary certificates
Restore the /usr/lib/nds-modules/ndsmodules.conf file to it's previous state
Restart ndsd
Fix:
The problem has been reported to development and the fix is expected to be included in PKI versions 3.2 and later.