Creation of default server certificates fails with error -1222

  • 7015505
  • 08-Aug-2014
  • 08-Aug-2014


eDirectory 8.8.x
Certificate Authority


Creation/regeneration of default server certificates fails with error -1222

Running "ndsconfig upgrade" after deleting and recreating the tree CA fails


Use iManager or ldapsearch to see if there are multiple values for the ndspkiCRLConfigurationDNList attribute.
ldapsearch -x -H ldap:// -D cn=admin,o=novell -W -b cn=MyCA,cn=Security -s base -LLL ndspkiCRLConfigurationDNList
ndspkiCRLConfigurationDNList: cn=CRL_1 - Configuration,cn=CRL Container,cn=Security#0#
ndspkiCRLConfigurationDNList: cn=One - Configuration,cn=CRL Container,cn=Security#0#

On the CA object view the ndspkiCRLConfigurationDNList attribute (use the other tab in iManager) and remove the crl that is not valid.


Multiple CRL configuration object DNs are added to the CA's ndspkiCRLConfigurationDNList attribute.

Additional Information

Sample from pki-install.log

Called NPKIGetServerInfo to turn ON Server File Trace for server: server1.novell
Calling NPKICreateDefaultCertificates
Calling NPKICreateDefaultCertificates error -1222
A default DNS Name was not specified.
NPKICreateDefaultCertificates with the IP address specified.
Calling NPKICreateDefaultCertificates error -1222
Resolving to the SSL CertificateDNS - servername.context Object.
The SSL CertificateDNS object for this server already exists.
Called NPKIGetServerInfo to turn OFF Server File Trace for server: server1.novell