Environment
Novell eDirectory 8.8 for NetWare 6.5 sp8
Novell Certificate Server (PKIS) 3.3
Situation
Attempting to create a new certificate with iManager
2.7 would return an error message with no error code.
When looking at the DSTrace screen with +PKI enabled, it showed an
error 49215 was being returned. The 49215 error was
also seen in ConsoleOne.
Resolution
Error 49215 is a FLAIM error (equivalent code is
0xC03F). This means that FLAIM considers the file being
accessed to not be a FLAIM database file. In this case, the
file being accessed was the sys:\certserv\cert.db file, which
contains some data about all of the certificates that have been signed by the
CA. The file was corrupted to the point that
the FLAIM code could not decode it.
NOTE: This file is only present on the server hosting the tree Certificate Authority (CA). All other servers generating certificates will get this error if the \certserv\cert.db file is corrupted.
This database was created for future functionality (i.e. functionality that may be implemented in the future). If this database is deleted, it will not impact any current functionality. You should also check for and remove the cert.01, cert.lck, and cert.rfl files in the same directory if they exist, as the files are a matched set. After deletion, attempting to create/sign a new certificate will regenerate this set of files, but previous data is lost.
Additional Information
WARNING WARNING WARNING
In most cases, the directory where the cert database exists also contains a
CRL database (crl.db). Be careful not to delete this database (or associated
files) as it contains information about revoked certificates. Deleting the crl
database could have serious security implications. Any certificates which were
previously revoked and which have not expired will most likely become valid if
the CRL database is deleted.