Creation of default server certificates fails with error -1222

  • 7015505
  • 08-Aug-2014
  • 08-Aug-2014

Environment

eDirectory 8.8.x
Certificate Authority

Situation

Creation/regeneration of default server certificates fails with error -1222

Running "ndsconfig upgrade" after deleting and recreating the tree CA fails

Resolution

Use iManager or ldapsearch to see if there are multiple values for the ndspkiCRLConfigurationDNList attribute.
Example:
ldapsearch -x -H ldap:// -D cn=admin,o=novell -W -b cn=MyCA,cn=Security -s base -LLL ndspkiCRLConfigurationDNList
Returns:
ndspkiCRLConfigurationDNList: cn=CRL_1 - Configuration,cn=CRL Container,cn=Security#0#
ndspkiCRLConfigurationDNList: cn=One - Configuration,cn=CRL Container,cn=Security#0#

On the CA object view the ndspkiCRLConfigurationDNList attribute (use the other tab in iManager) and remove the crl that is not valid.

Cause

Multiple CRL configuration object DNs are added to the CA's ndspkiCRLConfigurationDNList attribute.

Additional Information

Sample from pki-install.log

**********************************************************************
pkiInstall::CreateServerCertificate
**********************************************************************
Called NPKIGetServerInfo to turn ON Server File Trace for server: server1.novell
Calling NPKICreateDefaultCertificates
Calling NPKICreateDefaultCertificates error -1222
A default DNS Name was not specified.
NPKICreateDefaultCertificates with the IP address specified.
Calling NPKICreateDefaultCertificates error -1222
Resolving to the SSL CertificateDNS - servername.context Object.
The SSL CertificateDNS object for this server already exists.
Called NPKIGetServerInfo to turn OFF Server File Trace for server: server1.novell

Feedback service temporarily unavailable. For content questions or problems, please contact Support.