Environment
Open Enterprise Server 2018 SP2
SUSE Linux Enterprise Server 12 SP5
eDirectory 9.2.2
Situation
Validating EC server certificates in iManager failed with error.
"Invalid: CRL Decode Error when validating server EC SSL certificates"
Resolution
1) iManager –NetIQ Certificate Server-- Configure Certificate Authority – CRL tab – choose the EC CRL
2) In [CRL File Location on CA Server], input /var/opt/novell/eDirectory/data/nds-http/crl, and Apply
3) From CRL Distribution Points, modify the port 80 to 8028 for http://ip_addr:80/crl/xxx(EC.crl, and http://host:80/crl/xxx_EC.crl, and Apply
4) Click Issue Now on this page, you will find the crl file created into the CRL File Location on CA server.
5) Now Repair Default Certificates for the server and choose Yes—All Default Certificates will be overwritten.
Cause
CA is recreated with incorrect default values for EC CRL