Creation of default server certificates fails with error -1222

  • 7015505
  • 08-Aug-2014
  • 08-Aug-2014

Environment

eDirectory 8.8.x
Certificate Authority

Situation

Creation/regeneration of default server certificates fails with error -1222

Running "ndsconfig upgrade" after deleting and recreating the tree CA fails

Resolution

Use iManager or ldapsearch to see if there are multiple values for the ndspkiCRLConfigurationDNList attribute.
Example:
ldapsearch -x -H ldap:// -D cn=admin,o=novell -W -b cn=MyCA,cn=Security -s base -LLL ndspkiCRLConfigurationDNList
Returns:
ndspkiCRLConfigurationDNList: cn=CRL_1 - Configuration,cn=CRL Container,cn=Security#0#
ndspkiCRLConfigurationDNList: cn=One - Configuration,cn=CRL Container,cn=Security#0#

On the CA object, view the ndspkiCRLConfigurationDNList attribute (use the Other tab in iManager) and remove the CRL that is not valid.
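One way to script the check above, as an added example that is not part of the original article or of any Novell tooling. It also unfolds wrapped LDIF lines, since values this long may be folded across two lines in ldapsearch output. The function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Novell code): count ndspkiCRLConfigurationDNList values in LDIF.
ATTR=ndspkiCRLConfigurationDNList

# Print each value of $ATTR, one per line. LDIF folds long lines: a line that
# starts with a single space continues the previous one, so unfold first.
# Base64-encoded values ("attr:: ...") are printed still encoded, with a leading ":".
crl_config_values() {
    awk -v attr="$ATTR" '
        function emit(   n, val) {
            n = index(line, ":")
            if (n == 0 || tolower(substr(line, 1, n - 1)) != tolower(attr)) return
            val = substr(line, n + 1)
            sub(/^ +/, "", val)
            print val
        }
        /^ / { line = line substr($0, 2); next }
        { emit(); line = $0 }
        END { emit() }'
}

# Read LDIF on stdin, list the values, return non-zero when more than one is set.
check_crl_config() {
    values=$(crl_config_values)
    count=0
    if [ -n "$values" ]; then
        count=$(printf '%s\n' "$values" | wc -l | tr -d ' ')
        printf '%s\n' "$values" | sed 's/^/  /'
    fi
    echo "$count value(s) of $ATTR"
    [ "$count" -le 1 ]
}

# Constructed sample: the two values shown above, folded at 76 columns.
sample_ldif() {
    cat <<'EOF'
dn: cn=MyCA,cn=Security
ndspkiCRLConfigurationDNList: cn=CRL_1 - Configuration,cn=CRL Container,cn=S
 ecurity#0#
ndspkiCRLConfigurationDNList: cn=One - Configuration,cn=CRL Container,cn=Sec
 urity#0#
EOF
}

# Live use: pipe the ldapsearch command from this article into check_crl_config.
sample_ldif | check_crl_config || echo "Multiple CRL configuration DNs on the CA object"
```

A non-zero return from check_crl_config means the CA object carries more than one CRL configuration DN, the condition this article gives as the cause of error -1222.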

Cause

Multiple CRL configuration object DNs have been added to the CA's ndspkiCRLConfigurationDNList attribute.

Additional Information

Sample from pki-install.log

**********************************************************************
pkiInstall::CreateServerCertificate
**********************************************************************
Called NPKIGetServerInfo to turn ON Server File Trace for server: server1.novell
Calling NPKICreateDefaultCertificates
Calling NPKICreateDefaultCertificates error -1222
A default DNS Name was not specified.
NPKICreateDefaultCertificates with the IP address specified.
Calling NPKICreateDefaultCertificates error -1222
Resolving to the SSL CertificateDNS - servername.context Object.
The SSL CertificateDNS object for this server already exists.
Called NPKIGetServerInfo to turn OFF Server File Trace for server: server1.novell