Third Party Certificate not working - SAS CryptInit returned -11

  • 3989193
  • 04-Jan-2007
  • 26-Apr-2012

Environment

Novell NetWare 6.0
Novell NetWare 6.5

Situation

Created a new Certificate object (NDSPKI: Key Material object) using a third-party certificate (in this case, from Network Solutions). The certificate appears valid when validating the Trusted Root Certificate and the Public Key Certificate under the Certificates tab.
Assigned that certificate to the LDAP Server object, but could not connect on a secure connection (port 636 by default) using an export of the Trusted Root Certificate from the new Certificate.
The following errors appeared in an LDAP trace on the server (+LDAP, with all Screen options checked in the Display Options box on the LDAP Server object, except for Packet Dump or Decoding):
Thread pool status: Total:1 Peak:1 Busy:1
Work info status: Total:1 Peak:0 Busy:0
Waiting for 0 worker threads, 0 monitor threads, and 1 misc threads to terminate
Background thread 0x9d terminated
"LDAP v3 for Novell eDirectory 8.6.2" v10350.08 stopped
SSL initialized successfully
Server configuration has completed
Thread pool status: Total:1 Peak:1 Busy:1
Work info status: Total:1 Peak:1 Busy:0
Restarting listener due to updated configuration
Setting up TCP listener on port 389
Setting up SSL listener on port 636
PN_SSLInitPort: SAS CryptInit returned (-11)
LDAP has not been configured with a valid SSL certificate.
SSL connections will fail until configured.
See Novell PKI Services and LDAP Services for NDS
help for more information.
"LDAP v3 for Novell eDirectory 8.6.2" v10350.08 started
Unlimited concurrent connections allowed

Resolution

1. Open the new Certificate created by importing the certificate information from the third party.
2. Export the Trusted Root Certificate, with Private Key information.
3. Create a new Certificate (NDSPKI: Key Material) object, importing the Trusted Root Certificate you exported in step 2.
4. Assign the new Certificate created in step 4 to your LDAP Server object and test again.
This process has resolved the SAS CryptInit returned -11 errors, and allows you to authenticate over a secure LDAP connection with an export of the certificate created (from step 4).
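
To confirm the result after re-assigning the certificate, the LDAP trace can be checked for each SSL listener setup attempt. The following is an added example, not Novell code: it parses trace text in the format shown above and reports whether the SSL listener came up cleanly. The function name and the rule that any logged CryptInit return line means failure are assumptions based only on the trace in this article. Note that "SSL initialized successfully" can appear in the same trace as a failed listener, so it is not used as a success signal.

```python
import re

# Constructed sample: lines copied from the trace shown in this article.
SAMPLE_TRACE = """\
SSL initialized successfully
Restarting listener due to updated configuration
Setting up TCP listener on port 389
Setting up SSL listener on port 636
PN_SSLInitPort: SAS CryptInit returned (-11)
LDAP has not been configured with a valid SSL certificate.
SSL connections will fail until configured.
"LDAP v3 for Novell eDirectory 8.6.2" v10350.08 started
"""

SSL_LISTENER = re.compile(r"Setting up SSL listener on port (\d+)")
CRYPT_INIT = re.compile(r"PN_SSLInitPort: SAS CryptInit returned \((-?\d+)\)")
NO_CERT = "LDAP has not been configured with a valid SSL certificate"
STARTED = re.compile(r'^"LDAP v3 .*" v[\d.]+ started')


def audit_ssl_listeners(trace):
    """Return one record per SSL listener setup attempt found in the trace."""
    results, current = [], None
    for line in trace.splitlines():
        line = line.strip()
        m = SSL_LISTENER.search(line)
        if m:
            current = {"port": int(m.group(1)), "crypt_init": None,
                       "no_valid_cert": False, "usable": True}
            results.append(current)
            continue
        if current is None:
            continue
        m = CRYPT_INIT.search(line)
        if m:
            # Assumption: this line is only logged when key setup fails.
            current["crypt_init"] = int(m.group(1))
            current["usable"] = False
        elif NO_CERT in line:
            current["no_valid_cert"] = True
            current["usable"] = False
        elif STARTED.search(line):
            current = None  # server start closes this setup attempt
    return results


if __name__ == "__main__":
    for record in audit_ssl_listeners(SAMPLE_TRACE):
        print(record)
```

A record with `usable` set to `False` after the resolution steps means the LDAP Server object is still pointing at a Certificate object the listener cannot load.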