Environment
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2
SUSE Linux Enterprise Server 10 Service Pack 3
Novell iManager 2.7
Novell eDirectory 8.8 for Linux
SUSE Linux Enterprise Server 10 Service Pack 3
Novell iManager 2.7
Novell eDirectory 8.8 for Linux
Situation
Cannot generate certificate revocation list
Creating CRL [Certificate Revocation List] with iManager fails
Creating CRL with iManager fails
Creating certificate revocation list fails with iManager
Symptoms:
Certificate Authority works fine and all certificates are valid but creating CRL container and CRL configuration object did not work.
Creating CRL [Certificate Revocation List] with iManager fails
Creating CRL with iManager fails
Creating certificate revocation list fails with iManager
Symptoms:
Certificate Authority works fine and all certificates are valid but creating CRL container and CRL configuration object did not work.
Resolution
Steps to resolve:
- Delete all CRL objects from the tree using either iManager or ConsoleOne including CRL configuration objects and CRL container.
- Move all CRL file and directories from dib directory to /tmp directory
cd /var/opt/novell/eDirectory/data/dib
mv crl* /tmp - Restart eDirectory on the server
rcndsd stop
rcndsd start
rcndsd status - Launch iManager | Roles and Tasks | Novell Certificate Server | Configure Certificate Authority | click on Create CRL configuration object and specify name and CRL file path [by default the path is set to apache2\htdocs\ | select the distribution points and click on next [by default select all] | click on finish. Under Certificate Authority tab | go to CRL tab and make CRL configuration object as active.
- Click on CRL name and make sure the status shows as "success" under configuration tab. Go to Details tab and click on export and save the file.
Additional Information
Make sure to login into the iManager with user having administrative rights.