Entrust certificate creation fails with -1238 error

  • 7002491
  • 28-Jan-2009
  • 30-Apr-2012

Environment

Novell eDirectory 8.8 for All Platforms
Novell GroupWise 8
Novell GroupWise 7

Situation

Created a certificate signing request (CSR) and sent it to Entrust.  Recieved a server certificate and an Intermediate Certification Authority.  (In particular, it happens with the L1B Chain Certificate.)  Attempted to import these files and complete the process of creating a certificate.  The certificate wasn't created and a -1238 error was returned.

Resolution

1. Contact Novell Technical support for a new PKI.NLM.  (It hasn't been released yet.)
2. On the server associated with the certificate, rename the existing pki.nlm to pki.org.
3. Copy the new pki.nlm to sys:/system
4. Unload pki.nlm
5. Load pki.nlm
6. Complete the certificate creation process.  (Note: If you turn on trace with +pkis, the log will still show the -1238.  However, this is a cosmetic error that does not affect the proper use of the certificate.)
7. Rename pki.org to pki.nlm.
8. Unload pki.nlm.
9. Load pki.nlm

Feedback service temporarily unavailable. For content questions or problems, please contact Support.