Novell NetWare 6.5 Support Pack 1
Novell Certificate Server 2.0
Novell eDirectory 8.7.3 for NetWare 6.5
Recently purchased a Verisign SSL certificate and attempting to
import it and the root ca into a server's kmo object.
Trying to import a Verisign certificate via ConsoleOne gives a " -1
Trying to import the same certificate via iManager gives "Error:
The following error occurred importing the certificate. The Novell
Certificate Server plug-in to iManager could not parse the
certificate or extract the mandatory elements from the certificate."
This issue has been resolved in PKI.NLM 2.73 or higher. Version
2.73 is contained in NetWare 6.5 SP2. It can also be found in the
latest security update, presently SECUPD6A.TGZ.
NOTE: You will have to match your server certificate's subject name
to match the subject name in the signed certificate.
1. Open the properties of the object via Console One.
Recommended version to date is 1.36c available on the support
2. Click on the Page Options box and disable the
Certificates tab in ConsoleOne. Disable - OK - OK - Cancel.
3. Open the object up again - Go to the Other Tab - Open
the Subject Name attribute and change the subject name to match the
one in the signed certificate received by Verisign. (This can be
verified by pasting the the signed certificate into Notepad as a
filename.cer file. Then double click on the file - Go to the
details page and examine the subject name.)
4.Now we can attempt to re-import the
certificate. First the Certificates tab must be re-enabled. Open
the Page Options - enable the Certificates page - Enable - OK - OK
- Cancel. Now re-open the properties of the object - Go to the
Certificates tab and select import.
Please also see the following TID: 3976735.
Usually when a Certificate Signing Request is being created to send
to Verisign the OU= is not used in the subject name. Example:
All new certificates being sent from Verisign now contain an OU=
in the subject name of the signed certificate returned regardless
Since the subject name of the signed certificate is different
from the subject used in the CSR the import fails with the above
Formerly known as TID# 10094212