Environment
Novell NetWare 6.0
Novell NetWare 6.5
Situation
Created a new Certificate object (NDSPKI: Key Material object)
using a third-party certificate (in this case, from Network
Solutions). The certificate appears valid when validated
under the Certificates tab for both the Trusted Root Certificate and
the Public Key Certificate.
Assigned that certificate to the LDAP Server object but could
not connect over a secure connection (port 636 by default) using an
export of the Trusted Root Certificate from the new Certificate.
This generated the following errors in an LDAP trace on the server
(+LDAP, with all Screen options checked in the Display Options box
on the LDAP Server object, except for Packet Dump or
Decoding):
Thread pool status: Total:1 Peak:1 Busy:1
Work info status: Total:1 Peak:0 Busy:0
Waiting for 0 worker threads, 0 monitor threads, and 1 misc threads to terminate
Background thread 0x9d terminated
"LDAP v3 for Novell eDirectory 8.6.2" v10350.08 stopped
SSL initialized successfully
Server configuration has completed
Thread pool status: Total:1 Peak:1 Busy:1
Work info status: Total:1 Peak:1 Busy:0
Restarting listener due to updated configuration
Setting up TCP listener on port 389
Setting up SSL listener on port 636
PN_SSLInitPort: SAS CryptInit returned (-11)
LDAP has not been configured with a valid SSL certificate.
SSL connections will fail until configured.
See Novell PKI Services and LDAP Services for NDS
help for more information.
"LDAP v3 for Novell eDirectory 8.6.2" v10350.08 started
Unlimited concurrent connections allowed
Resolution
1. Open the new Certificate created by importing the
certificate information from the third party.
2. Export the Trusted Root Certificate, with Private Key
information.
3. Create a new Certificate (NDSPKI: Key Material)
object, importing the Trusted Root Certificate you exported in
step 2.
4. Assign the new Certificate created in step 3 to
your LDAP Server object and test again.
This process resolves the "SAS CryptInit returned (-11)"
errors and allows you to authenticate over a secure LDAP
connection using an export of the certificate created in step 3.
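
To confirm from a saved trace whether the SSL listener came up after reassigning the certificate, the check below splits the trace into server starts and reports the SSL state of each one. It is an added example, not Novell code; the function name and the second, healthy start in the sample are assumptions built from the trace lines quoted above.

```python
import re

LISTENER = re.compile(r"Setting up (TCP|SSL) listener on port (\d+)")
CRYPTINIT = re.compile(r"PN_SSLInitPort: SAS CryptInit returned \((-?\d+)\)")
NO_CERT = "LDAP has not been configured with a valid SSL certificate"
STARTED = re.compile(r'^"(.+)" v\S+ started')

def _blank():
    return {"tcp_port": None, "ssl_port": None, "cryptinit": None, "no_valid_cert": False}

def ssl_listener_cycles(trace):
    """Return one dict per LDAP server start found in a +LDAP screen trace."""
    cycles, cur = [], _blank()
    for line in (raw.strip() for raw in trace.splitlines()):
        if m := LISTENER.search(line):
            cur[m.group(1).lower() + "_port"] = int(m.group(2))
        elif m := CRYPTINIT.search(line):
            cur["cryptinit"] = int(m.group(1))
        elif NO_CERT in line:
            cur["no_valid_cert"] = True
        elif m := STARTED.match(line):
            cur["server"] = m.group(1)
            # Assumption: a start with an SSL listener and neither error line is healthy.
            cur["ssl_ok"] = (cur["ssl_port"] is not None and cur["cryptinit"] is None
                             and not cur["no_valid_cert"])
            cycles.append(cur)
            cur = _blank()
    return cycles

# First start: lines from the trace on this page. Second start: constructed
# (assumed) healthy restart, i.e. the same lines without the two error lines.
SAMPLE_TRACE = '''\
SSL initialized successfully
Restarting listener due to updated configuration
Setting up TCP listener on port 389
Setting up SSL listener on port 636
PN_SSLInitPort: SAS CryptInit returned (-11)
LDAP has not been configured with a valid SSL certificate.
SSL connections will fail until configured.
"LDAP v3 for Novell eDirectory 8.6.2" v10350.08 started
"LDAP v3 for Novell eDirectory 8.6.2" v10350.08 stopped
Restarting listener due to updated configuration
Setting up TCP listener on port 389
Setting up SSL listener on port 636
"LDAP v3 for Novell eDirectory 8.6.2" v10350.08 started
'''

if __name__ == "__main__":
    for n, c in enumerate(ssl_listener_cycles(SAMPLE_TRACE), 1):
        state = "OK" if c["ssl_ok"] else f"FAILED (CryptInit {c['cryptinit']})"
        print(f"start {n}: SSL port {c['ssl_port']} {state}")
```
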