Error 49215 attempting to create new SSL Certificates

  • 7006273
  • 14-Jun-2010
  • 26-Apr-2012

Environment

Novell eDirectory 8.8 for NetWare 6.5 sp8
Novell Certificate Server (PKIS) 3.3

Situation

Attempting to create a new certificate with iManager 2.7 returned an error message with no error code. With +PKI enabled, the DSTrace screen showed that error 49215 was being returned. The 49215 error was also seen in ConsoleOne.

Resolution

Error 49215 is a FLAIM error (equivalent code is 0xC03f). It means that FLAIM does not consider the file being accessed to be a FLAIM database file. In this case, the file being accessed was sys:\certserv\cert.db, which contains some data about all of the certificates that have been signed by the CA. The file was corrupted to the point that the FLAIM code could not decode it.

NOTE: This file is only present on the server hosting the tree Certificate Authority (CA).  All other servers generating certificates will get this error if the \certserv\cert.db file is corrupted.

This database was created for future functionality (i.e. functionality that may be implemented in the future). If this database is deleted, it will not impact any current functionality. You should also check for and remove the cert.01, cert.lck, and cert.rfl files in the same directory if they exist, as the files are a matched set. After deletion, attempting to create or sign a new certificate will regenerate this set of files, but previous data is lost.

Additional Information

WARNING  WARNING  WARNING
In most cases, the directory where the cert database exists also contains a CRL database (crl.db). Be careful not to delete this database (or associated files), as it contains information about revoked certificates. Deleting the CRL database could have serious security implications. Any certificates which were previously revoked and which have not expired will most likely become valid if the CRL database is deleted.
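
The cleanup described under Resolution, with the CRL warning enforced, as an added example that is not part of the original document or any Novell tool. It assumes the certserv directory is reachable as a file path from an administrative workstation, assumes the CRL database's associated files share the crl. prefix, and moves the cert.* set to a backup directory rather than deleting it; the function and directory names are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# The matched set named in this document; nothing else is ever touched.
CERT_SET = {"cert.db", "cert.01", "cert.lck", "cert.rfl"}

def _digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def _crl_state(directory):
    # Assumption: files associated with crl.db share the "crl." prefix.
    return {p.name: _digest(p) for p in directory.iterdir()
            if p.is_file() and p.name.lower().startswith("crl.")}

def set_aside_cert_db(certserv, backup):
    """Move the cert.* matched set out of certserv; return the names moved."""
    certserv, backup = Path(certserv), Path(backup)
    crl_before = _crl_state(certserv)
    backup.mkdir(parents=True, exist_ok=True)
    moved = []
    for p in sorted(certserv.iterdir()):
        # Exact, case-insensitive name match. A wildcard such as *.db
        # would also catch crl.db, which must stay in place.
        if p.is_file() and p.name.lower() in CERT_SET:
            shutil.move(str(p), str(backup / p.name))
            moved.append(p.name)
    # Guard: the CRL files must be byte-for-byte what they were before.
    if _crl_state(certserv) != crl_before:
        raise RuntimeError("CRL database files changed; restore from backup")
    return moved

def demo():
    """Run against a constructed directory standing in for sys:\\certserv."""
    root = Path(tempfile.mkdtemp())
    certserv = root / "certserv"
    certserv.mkdir()
    # Constructed sample files, not real database contents.
    for name in ("CERT.DB", "cert.01", "cert.rfl", "crl.db", "crl.01"):
        (certserv / name).write_bytes(b"constructed sample: " + name.encode())
    moved = set_aside_cert_db(certserv, root / "certserv-backup")
    left = sorted(p.name for p in certserv.iterdir())
    return moved, left

if __name__ == "__main__":
    print(demo())
```

Keeping the moved files until a new certificate has been created successfully leaves a way back if the 49215 error turns out to have another cause.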