Environment
Identity Manager
Identity Manager 4.0.2
SUSE Linux Enterprise Server 11 Service Pack 3 (SLES 11 SP3)
Novell NetWare 6.5
eDirectory Driver
Situation
Certificate error running NDS to NDS Driver Certificate Wizard
Error: Unable to create the Certificates. The Server Certificate or Key Material object needs to be updated.
Resolution
Use SDIDIAG to gather tree key information and determine which server holds all the keys.
Verify that this server is assigned to the NDSPKI:SD Key Server DN attribute on the W0 object.
Restart eDirectory on the server missing keys. The restart of eDirectory should sync the keys to the server.
If 64-bit keys exist, revoke them and issue a 168-bit key. Send the new keys out to the rest of the tree by restarting ndsd or using sdidiag.
After repairing the keys on the server, the NDS to NDS Driver Certificate Wizard ran successfully and created the certificates for the eDirectory Drivers.
Useful Documents: TID 3455150 - Using SDIDiag to gather specific SDKey information from servers.
Additional Information
Using SDIDIAG, found that the server keys were missing on the IDM2.01 Server.
Formerly known as TID# 10096842
Document 5173850 has the current sdidiag tool as of August 2014
Change Log
2014-08-17 Rance Burker: Imported KB 10096842 and updated contents.