Environment
Novell eDirectory
Novell Certificate Server (PKIS)
Novell iManager
Novell Certificate Server (PKIS)
Novell iManager
Situation
Error:
Cannot import third party certificate through iManager or ConsoleOne.
error -1253
Explanation:
The certificate chain being stored in a Server Certificate objectServer_Certificate_Object is invalid.
Cannot import third party certificate through iManager or ConsoleOne.
error -1253
Explanation:
The certificate chain being stored in a Server Certificate objectServer_Certificate_Object is invalid.
Possible Cause
When the certificate was exported, it does not contain the correct intermediate certificate in the certificate chain.
Resolution
Possible Solution
1. If the Certificate is in a .der or .cer file,
then double click on it and install it into Internet Explorer. If it is
in a reply email with the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags, then open notepad, past the certificate from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- including
the begin and end information into the file and save as cert.der. Then
Double click on cert.der and install it into Internet Explorer.
2. Open up Internet Explorer, go to Tools,
Internet Options, Content tab, Certificates button. You should see the
certificate you imported under the Other People tab. Double click on it
to open it up and check the Certification Path. Hopefully now you will
see the full path and there will be not missing information or errors.
If there are errors or missing information, try it on another
workstation. If you cannot find one with the full path information
listed you will likely need to contact the certificate provider to
complete the path.
3. If the information in the path is correct,
close down the certificate details, highlight it and select the Export
button. Click Next to begin the wizard and then select "Cryptographic
Message Syntax Standard - PKCS #7 Certificates (.P7B)" as the format
and CHECK (YES Include) on "Include all certificates in the
certification path if possible", then select Next and give it a file
name and path (such as c:\cert), then select Next and Finished. It should
reply back with "The export was successful"
4. Now use the cert.p7b file to complete the certificate import that had failed.
Notes:
- After Importing the certificate it may not Validate properly in
ConsoleOne. This is typically due to ConsoleOne's ability to resolve
the full external certificate path properly. The Certificate may still
work just fine, try it anyway and it should work.
-We found that this error can be generated when the third party certificate vendor changes their intermediary certificates. IE will grab the current intermediary certificate and chain it correctly.
-Contact the third party company if this does not resolve the issue.
-We found that this error can be generated when the third party certificate vendor changes their intermediary certificates. IE will grab the current intermediary certificate and chain it correctly.
-Contact the third party company if this does not resolve the issue.
All new enhancements and bug fixes are being placed
in iManager. Should you experience errors during this process please
download the latest version of iManager, either server-based or client
based, update the certificate plugins and try again.