-1,236 error creating eDirectory certificates on Solaris

  • 3049070
  • 03-Oct-2007
  • 26-Apr-2012


Novell Certificate Server (PKIS)
Novell ConsoleOne
Novell iManager
Novell eDirectory 8.7.3 for Solaris


Error: Failed to store certificates into the certificate-name object. The error code is -1,236. The object will be removed. The server could not add the specific certificate as a trusted root to the Server Certificate Object (also known as the Key Material Object).

/proc/pid-of -ndsd-process/fd directory contains 256 or more files

ndstrace with +pkii shows a failure to create/open necessary files during certificate creation

PKI versions prior to 3.2 contain fopen calls which are limited to 256 file descriptors.



  • Using iManager 2.6, click on the Create Server Certificate Link.
  • Step 1
    • Choose Host server
    • Give the certificate a name after Nickname (Default SSL CertificateDNS or SSL CertificateIP)
    • Click the Custom radio button
    • Click Next
  • Step 2
    • Organizational certificate authority should be checked, just leave this as is.
    • Click Next
  • Step 3
    • Leave as is and click Next
  • Step 4
    • Check "" and leave everything else as default
  • Step 5
    • Click Next leaving default settings.
  • Step 6
    • Click Finish
Checking "

Edit /usr/lib/nds-modules/ndsmodules.conf and comment out any module that isn't critical to the startup/basic function of ndsd. EX: httpstk, snmp, gams, nldap, imon, embox, dxevent and naudit.

Restart ndsd

Create the necessary certificates

Restore the /usr/lib/nds-modules/ndsmodules.conf file to it's previous state

Restart ndsd


The problem has been reported to development and the fix is expected to be included in PKI versions 3.2 and later.