Certificate server returns error: "-1238" while trying to create a new KMO

  • Document ID:3365282
  • Creation Date:08-Nov-2006
  • Modified Date:16-Mar-2012

Environment

Novell eDirectory 8.6 for All Platforms
Novell eDirectory 8.7 for All Platforms
Novell eDirectory 8.7.3 for All Platforms
The Certificate Authority has been re-created with a subject name of 221 bytes

Situation

Certificate server returns error: "-1238" while trying to create a new KMO
PKI returns: -1238 0xFFFFFB2A PKI TERISA ADD CERTIFICATE ERROR

Resolution

Reducing the Size of the CA subject name solved the problem

Additional Information

In order to identify the root cause we broke down the process of creating a new server certificate (KMO) by ConsoleOne into three steps.
  1. Creating a Certificate Signing request (CSR) (External CA)
  2. Use ConsoleOne to issue the Certificate
  3. Use ConsoleOne to import the Trusted Root and Public Key Certificate

The problem came up during the import process of the certificate chain.
The Key File attribute (Terisa Key File) is octet encoded with a size limit of 64K
Based on the error message returned by Certificate server eDirectory could not store the Key File attribute

Formerly known as TID# 10093444