Entrust certificate creation fails with -1238 error

  • 7002491
  • 28-Jan-2009
  • 30-Apr-2012

Environment

Novell eDirectory 8.8 for All Platforms
Novell GroupWise 8
Novell GroupWise 7

Situation

Created a certificate signing request (CSR) and sent it to Entrust.  Recieved a server certificate and an Intermediate Certification Authority.  (In particular, it happens with the L1B Chain Certificate.)  Attempted to import these files and complete the process of creating a certificate.  The certificate wasn't created and a -1238 error was returned.

Resolution

1. Contact Novell Technical support for a new PKI.NLM.  (It hasn't been released yet.)
2. On the server associated with the certificate, rename the existing pki.nlm to pki.org.
3. Copy the new pki.nlm to sys:/system
4. Unload pki.nlm
5. Load pki.nlm
6. Complete the certificate creation process.  (Note: If you turn on trace with +pkis, the log will still show the -1238.  However, this is a cosmetic error that does not affect the proper use of the certificate.)
7. Rename pki.org to pki.nlm.
8. Unload pki.nlm.
9. Load pki.nlm