Error: -1253 is generated when importing third party certificate

  • 7003605
  • 22-Jun-2009
  • 30-Apr-2012

Environment

Novell eDirectory
Novell Certificate Server (PKIS)
Novell iManager


Situation

Error:
Cannot import third party certificate through iManager or ConsoleOne.
error -1253

Explanation:
The certificate chain being stored in a Server Certificate object is invalid.

Possible Cause
When the certificate was exported, it did not include the correct intermediate certificate in the certificate chain.

Resolution

Possible Solution
1. If the certificate is in a .der or .cer file, double-click it and install it into Internet Explorer. If it arrived in a reply email between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags, open Notepad, paste the certificate from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, including the begin and end lines, into the file and save it as cert.der. Then double-click cert.der and install it into Internet Explorer.

2. Open Internet Explorer and go to Tools, Internet Options, Content tab, Certificates button. You should see the certificate you imported under the Other People tab. Double-click it to open it and check the Certification Path. Ideally you will now see the full path, with no missing information or errors. If there are errors or missing information, try it on another workstation. If you cannot find one with the full path information listed, you will likely need to contact the certificate provider to complete the path.

3. If the information in the path is correct, close the certificate details, highlight the certificate and select the Export button. Click Next to begin the wizard, select "Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B)" as the format, and CHECK (YES Include) "Include all certificates in the certification path if possible". Select Next, give it a file name and path (such as c:\cert), then select Next and Finish. It should reply with "The export was successful."

4. Now use the cert.p7b file to complete the certificate import that had failed.
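Before step 4, the exported file can be checked for the condition described under Explanation and Possible Cause. The following PowerShell is an added example, not Novell's code: the function name Test-BundleChain and the default path C:\cert.p7b are assumptions. It lists each certificate in the file and flags any whose issuer is not also in the file.

```powershell
# Added example (not from the original article). Test-BundleChain is a
# hypothetical helper; C:\cert.p7b assumes the file name used in step 3.
function Test-BundleChain {
    param([string]$Path = 'C:\cert.p7b')

    # Load every certificate stored in the PKCS #7 file.
    $bundle = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $bundle.Import((Resolve-Path -LiteralPath $Path).ProviderPath)
    $certs = @($bundle)
    if ($certs.Count -eq 0) { throw "No certificates found in $Path" }

    # The leaf is the certificate that did not issue any other one in the file.
    $leaf = $certs | Where-Object {
        $c = $_
        -not ($certs | Where-Object {
            $_.Issuer -eq $c.Subject -and $_.Thumbprint -ne $c.Thumbprint })
    } | Select-Object -First 1

    # Walk leaf -> issuer -> issuer using only what is inside the file.
    # This matches names only; it does not verify signatures or revocation.
    $current = $leaf
    $seen = @{}
    while ($current -and -not $seen.ContainsKey($current.Thumbprint)) {
        $seen[$current.Thumbprint] = $true
        $issuerName = $current.Issuer
        $selfSigned = ($current.Subject -eq $issuerName)
        $next = $null
        if (-not $selfSigned) {
            $next = $certs | Where-Object { $_.Subject -eq $issuerName } |
                Select-Object -First 1
        }
        $status = if ($selfSigned) { 'root (self-signed)' }
                  elseif ($next)   { 'issuer present in file' }
                  else             { 'ISSUER MISSING FROM FILE' }
        [pscustomobject]@{
            Subject  = $current.Subject
            Issuer   = $issuerName
            NotAfter = $current.NotAfter
            Status   = $status
        }
        $current = $next
    }
}

Test-BundleChain | Format-List
```

A row marked ISSUER MISSING FROM FILE names the certificate that the export did not include.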

Notes:
- After importing the certificate, it may not validate properly in ConsoleOne. This typically comes down to whether ConsoleOne can resolve the full external certificate path properly. The certificate may still work just fine; try it anyway and it should work.

- We found that this error can be generated when the third party certificate vendor changes their intermediary certificates. IE will grab the current intermediary certificate and chain it correctly.

- Contact the third party company if this does not resolve the issue.

All new enhancements and bug fixes are being placed in iManager. Should you experience errors during this process, please download the latest version of iManager, either server-based or client-based, update the certificate plugins and try again.