Inporting a certificate using the Access Manager Console returns certificate server error -1223

  • 7011330
  • 08-Nov-2012
  • 08-Nov-2012

Environment

Novell Access Manager 3.1 Access Administration
NetIQ Access Manager 3.2

Situation

  • a certificate renew is required due to the fact a certificate is going to expire
  • a new issued certificate and the trusted root chain is available for the import process on an existing certificate in order to run a renew process
  • importing the new certificate and its root chain returns the PKI error: "-1223"

Resolution

If the original Certificate Signing Request is not longer available in order to request a certificate renew a complete new certificate has to be created.

Cause

The new certificate has been created from another (not the original) certificate signing request (CSR). Therefore the new certificate does not include the matching public key stored on the existing certificate which has to be renewed. Note: Each new certificate signing request will create a new key pair.