Cannot generate certificate revocation list

  • 7006855
  • 15-Sep-2010
  • 08-Jul-2014


Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2
SUSE Linux Enterprise Server 10 Service Pack 3
Novell iManager 2.7
Novell eDirectory 8.8 for Linux


Cannot generate certificate revocation list
Creating CRL [Certificate Revocation List] with iManager fails
Creating CRL with iManager fails
Creating certificate revocation list fails with iManager

Certificate Authority works fine and all certificates are valid but creating CRL container and CRL configuration object did not work.


Steps to resolve:
  1. Delete all CRL objects from the tree using either iManager or ConsoleOne including CRL configuration objects and CRL container.
  2. Move all CRL file and directories from dib directory to /tmp directory
    cd  /var/opt/novell/eDirectory/data/dib

    mv  crl*  /tmp
  3. Restart eDirectory on the server
    rcndsd stop
    rcndsd start

    rcndsd status
  4. Launch iManager | Roles and Tasks | Novell Certificate Server | Configure Certificate Authority | click on Create CRL configuration object and specify name and CRL file path [by default the path is set to apache2\htdocs\ | select the distribution points and click on next [by default select all] | click on finish. Under Certificate Authority tab | go to CRL tab and make CRL configuration object as active.
  5. Click on CRL name and make sure the status shows as "success" under configuration tab. Go to Details tab and click on export and save the file.

Additional Information

Make sure to login into the iManager with user having administrative rights.