-1,236 error creating eDirectory certificates on Solaris

  • 3049070
  • 03-Oct-2007
  • 26-Apr-2012

Environment


Novell Certificate Server (PKIS)
Novell ConsoleOne
Novell iManager
Novell eDirectory 8.7.3 for Solaris

Situation

Error: Failed to store certificates into the certificate-name object. The error code is -1,236. The object will be removed. The server could not add the specific certificate as a trusted root to the Server Certificate Object (also known as the Key Material Object).

The /proc/<pid-of-ndsd-process>/fd directory contains 256 or more files

ndstrace with +pkii shows a failure to create/open necessary files during certificate creation

PKI versions prior to 3.2 contain fopen calls which are limited to 256 file descriptors.
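The descriptor-count symptom above can be checked with a short script. This is an added example, not Novell tooling: the function names are hypothetical, and it assumes `pgrep` is available and that it is run by a user who can read /proc/<pid>/fd for ndsd (normally root).

```shell
#!/bin/sh
# Added example (not from the original TID): report whether ndsd has reached
# the 256-descriptor level at which the article says pre-3.2 PKI fopen calls fail.
FOPEN_FD_LIMIT=256   # threshold stated in the article

# Count entries in a /proc/<pid>/fd style directory (one entry per open descriptor).
count_fds() {
    dir=$1
    [ -d "$dir" ] || return 2
    n=0
    for f in "$dir"/*; do
        # Skip the unexpanded glob when the directory is empty.
        [ -e "$f" ] || [ -L "$f" ] || continue
        n=$((n + 1))
    done
    echo "$n"
}

# Print "ok <n>" (status 0), "at-limit <n>" (status 1) or "unreadable" (status 2).
check_fd_dir() {
    n=$(count_fds "$1") || { echo "unreadable $1"; return 2; }
    if [ "$n" -ge "$FOPEN_FD_LIMIT" ]; then
        echo "at-limit $n"
        return 1
    fi
    echo "ok $n"
}

# Check every running ndsd process; returns the last non-zero status seen.
check_ndsd() {
    pids=$(pgrep -x ndsd) || { echo "ndsd is not running"; return 2; }
    rc=0
    for pid in $pids; do
        printf 'pid %s: ' "$pid"
        check_fd_dir "/proc/$pid/fd" || rc=$?
    done
    return $rc
}

# Run the live check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_ndsd
fi
```

An `at-limit` result before certificate creation matches the condition described in this document; an `ok` result after disabling modules confirms the workaround has freed descriptors.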

Resolution

Workaround:

  • Using iManager 2.6, click the Create Server Certificate link.
  • Step 1
    • Choose Host server
    • Enter a name for the certificate in the Nickname field (default: SSL CertificateDNS or SSL CertificateIP)
    • Click the Custom radio button
    • Click Next
  • Step 2
    • Organizational certificate authority should be checked; leave this as is.
    • Click Next
  • Step 3
    • Leave as is and click Next
  • Step 4
    • Check "" and leave everything else as default
  • Step 5
    • Click Next leaving default settings.
  • Step 6
    • Click Finish
Checking "

Edit /usr/lib/nds-modules/ndsmodules.conf and comment out any module that isn't critical to the startup or basic function of ndsd. For example: httpstk, snmp, gams, nldap, imon, embox, dxevent and naudit.

Restart ndsd

Create the necessary certificates

Restore the /usr/lib/nds-modules/ndsmodules.conf file to its previous state

Restart ndsd

Fix:

The problem has been reported to development and the fix is expected to be included in PKI versions 3.2 and later.
