Environment
Novell NetWare 6.5 Support Pack 8
Novell NetWare 6.5 Support Pack 7
Novell Identity Manager 3.5.1
Novell iManager 2.7
Novell NetWare 6.5 Support Pack 7
Novell Identity Manager 3.5.1
Novell iManager 2.7
Situation
Edir to Edir certificates expired. Need to re-create them as Edir drivers are down.
Use iManager on an SP7 server to create the Edir to Edir certificates using the wizard. The wizard accepts all the info and creates the local tree's certificate but gives an error when contacting the remote tree.
Error: Driver Wizard - Error
The following 'Exception' was thrown but not handled.
''Unable to create the certificates. The following error occurred: The subject or issuer name in the certificate contains a typeful name that is not understood by Novell Certificate Server''.
Server certificates will be created using the following parameters.
Parameter Value
RSA Key Size 2048
Signature Algorithm SHA1-RSA
Certificate Name VLTREE_VL2TREE Driver(VL1Srv1_kmo)
Certificate Name VL2TREE_VLTREE driver(VL2Srv1_kmo)
Note: Both NW6.5SP7 and NW6.5SP8 servers exist in the tree.
Use iManager on an SP7 server to create the Edir to Edir certificates using the wizard. The wizard accepts all the info and creates the local tree's certificate but gives an error when contacting the remote tree.
Error: Driver Wizard - Error
The following 'Exception' was thrown but not handled.
''Unable to create the certificates. The following error occurred: The subject or issuer name in the certificate contains a typeful name that is not understood by Novell Certificate Server''.
Server certificates will be created using the following parameters.
Parameter Value
RSA Key Size 2048
Signature Algorithm SHA1-RSA
Certificate Name VLTREE_VL2TREE Driver(VL1Srv1_kmo)
Certificate Name VL2TREE_VLTREE driver(VL2Srv1_kmo)
Note: Both NW6.5SP7 and NW6.5SP8 servers exist in the tree.
Resolution
The CA in one of the trees is on SP8, and the CA in the other tree is on a NW6.5SP7 server.
The Edir to Edir certificate wizard was being run from a NW6.5SP7 server. After running the certificate wizard from a NW6.5SP8 server, the problem goes away.
The NW6.5SP8 server is running a newer version of PKI services.
Using the Edir to Edir certficates wizard from an SP8 server resolves the problem.
The Edir to Edir certificate wizard was being run from a NW6.5SP7 server. After running the certificate wizard from a NW6.5SP8 server, the problem goes away.
The NW6.5SP8 server is running a newer version of PKI services.
Using the Edir to Edir certficates wizard from an SP8 server resolves the problem.
Additional Information
Note: Although you receive different errors in Console One, using
Console One on a NW6.5SP8 server successfully creates the certificates
manually, but with a NW6.5SP7 server and Console One, invalid
certificates are created.