Novell Access Manager amdiagcfg fails to run with "Error: PKI_E_BAD_REQUEST_SYNTAX, Error: -1214"

  • 7009440
  • 27-Sep-2011
  • 26-Apr-2012


Novell Access Manager 3.1 Access Administration
Novell Access Manager 3.1 Service Pack 3


  • amdiagcfg fails to run storing the following error in the "nidp_backup_[date].log file:

    Error: PKI_E_BAD_REQUEST_SYNTAX, Error: -1214
        at com.novell.nids.certmgr.DirCertx509.A(Unknown Source)
        at com.novell.nids.certmgr.DirCertx509.getSubjectName(Unknown Source)
        at com.novell.nids.bkuputil.Util.dumpCert(Unknown Source)
        at com.novell.nids.bkuputil.Util.dumpCertificates(Unknown Source)
        at com.novell.nids.bkuputil.Util.xmlDump(Unknown Source)
        at Source)
        at com.novell.nids.bkuputil.Util.main(Unknown Source)

  • TID 7008016 which reports he same PKI error during the install process does not solve this problem


  • The Novell Access Manager configuration store hosted on the Admin Console Server stored several Key Material Objects (KMOs) which have not been filled with a trust chain and the requested certificate (Certificate Signing Request pending state) . At this status the amdiagcfg tool finds a certificate entry (KMO) but fails on reading the certificate. If the certificates with a pending Certificate Signing Request (CSR) are not longer needed remove these entries to succeed on running amdiagcfg

  • This issue has been as well addressed to engineering to cover such a situation.