Cannot install Administration Console component of Access Manager

  • 3616212
  • 08-Jun-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Access Administration

Situation

An administrator installed a SLES10 server and wanted to install Access Manager devices on top of it. After running option 1 from the Identity Server CD ('Install Novell Access Manager Administration'), accepting the license agreement and entering the credentials, the install errored out during what appeared to be the installation of iManager 2.6.

Resolution

Make sure that the DNS name of the server is not greater than 54 characters.

Additional Information

With installation errors, always look at the contents of the /tmp/novell_access_manager/ directory, where the install log files are written. In the above case, the key information about the installation failure was written to the install_iman_26* file, which displayed the following information:

Configuring Novell iManager:
com.novell.nids.certmgr.DirCertException: Error: Error: -613, Error: -613
at com.novell.nids.certmgr.DirCerts.A(Unknown Source)
at com.novell.nids.certmgr.DirCerts.createCert(Unknown Source)
at com.novell.nids.certmgr.DirCerts.createCert(Unknown Source)
at com.novell.nids.certmgr.DirCerts.createCert(Unknown Source)
at com.novell.nids.install.MakeCertInKeystore.createCert(MakeCertInKeystore.java:234)
at com.novell.nids.install.MakeCertInKeystore.main(MakeCertInKeystore.java:360)
We are not in DHost. pid = 14070
Error creating key tomcat. Exiting makecert.


To enable more detailed debugging, we added the 'set -x' string to the top of the install.sh file to trace the bash script. When running this, the following output was received at the time of the error:


inst_iman:
Entering install ZipOps: npmPath: /tmp/inst_novlwww/iMan26.npm
webAppRoot: /var/opt/novell/tomcat4/webapps/nps
java.io.FileNotFoundException: /var/.com.zerog.registry.xml.save (Permission denied)

+ /opt/novell/java/bin/java -cp /srv/ftp/b1nam3sp1/novell-access-manager-3.0.1-127/utils/nids_install.jar:/srv/ftp/b1nam3sp1/novell-access-manager-3.0.1-127/utils/certmgr.jar:/opt/novell/lib/npki.jar com.novell.nids.install.MakeCertInKeystore -h 10.1.28.77 -u cn=admin.o=novell -r 'novell' -n 'OAJOTSTWAC01.novnetlab.com. OAJOTSTWAC01.novnetlab.com' -a tomcat -c 'CN=OAJOTSTWAC01.novnetlab.com. OAJOTSTWAC01.novnetlab.com.OU=accessManager.O=novell' -k changeit -ks changeit -o JKS /var/opt/novell/novlwww/.keystore
com.novell.nids.certmgr.DirCertException: Error: Error: -613, Error: -613
at com.novell.nids.certmgr.DirCerts.A(Unknown Source)
at com.novell.nids.certmgr.DirCerts.createCert(Unknown Source)
at com.novell.nids.certmgr.DirCerts.createCert(Unknown Source)
at com.novell.nids.certmgr.DirCerts.createCert(Unknown Source)
at com.novell.nids.install.MakeCertInKeystore.createCert(MakeCertInKeystore.java:234)
at com.novell.nids.install.MakeCertInKeystore.main(MakeCertInKeystore.java:360)
We are not in DHost. pid = 8209


This showed that the failure was actually in the make cert process, i.e. creating a server certificate. Looking at the subject name that the install was trying to use in the server certificate, our DNS name was reported twice. This was an issue with our DNS server having duplicate entries, but more importantly, it gave us a clue that the issue could be related to the length of the subject name. The NMAS readme at https://www.novell.com/documentation/nmas23/readme/security_readme1.html defines the following:

"The PKI install was unable to create the default IP and DNS certificates. Error -613. Do you want to retry?"

The -613 error is not a fatal error; however, Novell Certificate Server will not be able to create the auto-generated certificates which match the long DNS name.

To avoid this problem with future servers, make sure that the combined number of characters of the DNS name and the server name is fewer than 54 characters.

Doing this fixed the problem. A defect has been filed against the Access Manager install to add a check on the length of the certificate.
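The triage described above can be scripted. The following is an added example, not part of the Access Manager installer or of the original article: it pulls the name string passed to MakeCertInKeystore -n out of a 'set -x' trace, measures it against the readme's "fewer than 54 characters" rule, and flags duplicated DNS names. The function names are hypothetical, the sample trace is constructed from the output above (shortened), and treating the -n value as the string subject to the limit is an assumption.

```shell
#!/bin/sh
# Added example: triage of the -613 certificate failure from an install trace.
LIMIT=54  # the readme quoted above asks for fewer than 54 characters

# Constructed sample: the traced MakeCertInKeystore call shown above, shortened.
SAMPLE_TRACE="+ java com.novell.nids.install.MakeCertInKeystore -h 10.1.28.77 -n 'OAJOTSTWAC01.novnetlab.com. OAJOTSTWAC01.novnetlab.com' -a tomcat
com.novell.nids.certmgr.DirCertException: Error: Error: -613, Error: -613"

# Print the value passed to -n on the traced command line (log text on stdin).
trace_names() {
    sed -n "s/.* -n '\([^']*\)'.*/\1/p" | head -n 1
}

# Print each name that occurs more than once (case and trailing dot ignored).
repeated_names() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' | sed 's/\.$//' | tr 'A-Z' 'a-z' | sort | uniq -d
}

# Succeed when the string is shorter than LIMIT characters.
fits_limit() {
    [ "${#1}" -lt "$LIMIT" ]
}

# Succeed when the log text on stdin records the -613 certificate failure.
has_613() {
    grep -q 'DirCertException.*-613'
}

# Summarise a log: failure seen, name length, duplicate DNS entries.
# Returns 0 when the name string fits the limit, 1 otherwise.
triage() {
    log=$1
    names=$(printf '%s\n' "$log" | trace_names)
    if printf '%s\n' "$log" | has_613; then echo "cert creation failed with -613"; fi
    echo "name string: ${#names} characters (limit: fewer than $LIMIT)"
    dups=$(repeated_names "$names")
    if [ -n "$dups" ]; then echo "duplicate DNS entry: $dups"; fi
    if fits_limit "$names"; then return 0; else return 1; fi
}

triage "$SAMPLE_TRACE" || echo "name too long: fix DNS or shorten the host name before reinstalling"
```

On the trace from this article the duplicated name string is exactly 54 characters, while the single DNS name is 26, so removing the duplicate DNS entry alone brings it under the limit.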