Novell Access Manager amdiagcfg fails to run with "Error: PKI_E_BAD_REQUEST_SYNTAX, Error: -1214"

  • 7009440
  • 27-Sep-2011
  • 26-Apr-2012

Environment


Novell Access Manager 3.1 Access Administration
Novell Access Manager 3.1 Service Pack 3

Situation


  • amdiagcfg fails to run and stores the following error in the "nidp_backup_[date].log" file:

    com.novell.nids.certmgr.DirCertException:
    Error: PKI_E_BAD_REQUEST_SYNTAX, Error: -1214
        at com.novell.nids.certmgr.DirCertx509.A(Unknown Source)
        at com.novell.nids.certmgr.DirCertx509.getSubjectName(Unknown Source)
        at com.novell.nids.bkuputil.Util.dumpCert(Unknown Source)
        at com.novell.nids.bkuputil.Util.dumpCertificates(Unknown Source)
        at com.novell.nids.bkuputil.Util.xmlDump(Unknown Source)
        at com.novell.nids.bkuputil.Util.work(Unknown Source)
        at com.novell.nids.bkuputil.Util.main(Unknown Source)

  • TID 7008016, which reports the same PKI error during the install process, does not solve this problem.

Resolution

  • The Novell Access Manager configuration store hosted on the Admin Console server contained several Key Material Objects (KMOs) that had not been filled with a trust chain and the requested certificate (Certificate Signing Request pending state). In this state, the amdiagcfg tool finds a certificate entry (KMO) but fails when reading the certificate. If the certificates with a pending Certificate Signing Request (CSR) are no longer needed, remove these entries so that amdiagcfg can run successfully.

  • This issue has also been reported to engineering so that the tool can handle this situation.