Error trying to create Edir to Edir certificates for Identity Manager with iManager 2.7

  • 7003412
  • 01-Jun-2009
  • 27-Apr-2012


Novell NetWare 6.5 Support Pack 8
Novell NetWare 6.5 Support Pack 7
Novell Identity Manager 3.5.1
Novell iManager 2.7


Edir to Edir certificates expired. Need to re-create them as Edir drivers are down.

Use iManager on an SP7 server to create the Edir to Edir certificates using the wizard. The wizard accepts all the info and creates the local tree's certificate but gives an error when contacting the remote tree.

  Error:    Driver Wizard - Error

The following 'Exception' was thrown but not handled.

''Unable to create the certificates.  The following error occurred: The subject or issuer name in the certificate contains a typeful name that is not understood by Novell Certificate Server''.

 Server certificates will be created using the following parameters.
Parameter           Value
RSA Key Size           2048
Signature Algorithm           SHA1-RSA
Certificate Name           VLTREE_VL2TREE Driver(VL1Srv1_kmo)
Certificate Name           VL2TREE_VLTREE driver(VL2Srv1_kmo)

Note: Both NW6.5SP7 and NW6.5SP8 servers exist in the tree.


The CA in one of the trees is on SP8, and the CA in the other tree is on a NW6.5SP7 server. 

The Edir to Edir certificate wizard was being run from a NW6.5SP7 server. After running the certificate wizard from a NW6.5SP8 server, the problem goes away.

The NW6.5SP8 server is running a newer version of PKI services.

Using the Edir to Edir certficates wizard from an SP8 server resolves the problem.

Additional Information

Note: Although you receive different errors in Console One, using Console One on a NW6.5SP8 server successfully creates the certificates manually, but with a NW6.5SP7 server and Console One, invalid certificates are created.