Invalid CRL Decode Error When Validating EC Certificates

  • 7024916
  • 08-Nov-2020
  • 07-Dec-2020

Environment

Open Enterprise Server 2018 SP2
SUSE Linux Enterprise Server 12 SP5
eDirectory 9.2.2

Situation

Validating EC server certificates in iManager fails with the following error:
"Invalid: CRL Decode Error when validating server EC SSL certificates"

Resolution

1) In iManager, go to NetIQ Certificate Server > Configure Certificate Authority > CRL tab and choose the EC CRL.
2) In [CRL File Location on CA Server], enter /var/opt/novell/eDirectory/data/nds-http/crl and click Apply.
3) Under CRL Distribution Points, change the port from 80 to 8028 in http://ip_addr:80/crl/xxx_EC.crl and http://host:80/crl/xxx_EC.crl, then click Apply.
4) Click Issue Now on this page. The CRL file is created in the CRL File Location on the CA server.
5) Repair Default Certificates for the server and choose "Yes - All Default Certificates will be overwritten".
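
An added check for the file that step 4 writes (not part of the original article or of NetIQ tooling): a structural parse in Python that confirms the bytes are a well-formed X.509 CertificateList and that the CRL is ECDSA-signed. `read_tlv`, `check_crl` and `SAMPLE_CRL` are hypothetical names, the sample bytes are constructed, and the signature itself is not verified.

```python
import base64
import re

ECDSA_SHA2_PREFIX = bytes.fromhex("2a8648ce3d0403")  # OID 1.2.840.10045.4.3.*
# Constructed sample, not a real CRL: empty tbsCertList, ecdsa-with-SHA256, empty signature.
SAMPLE_CRL = bytes.fromhex("30113000300a06082a8648ce3d040302030100")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data (truncated file?)")
    return tag, pos, pos + length

def check_crl(data):
    """Structural check of an X.509 CertificateList; returns (ok, detail)."""
    try:
        pem = re.search(rb"-----BEGIN X509 CRL-----(.*?)-----END X509 CRL-----", data, re.S)
        if pem:
            data = base64.b64decode(pem.group(1))
        if data[:1] != b"\x30":
            return False, "not a DER SEQUENCE (error page or wrong file?)"
        _, start, end = read_tlv(data, 0)
        if end != len(data):
            return False, "trailing bytes after CertificateList"
        parts, pos = [], start
        while pos < end:
            tag, vs, ve = read_tlv(data, pos)
            parts.append((tag, data[vs:ve]))
            pos = ve
        if [t for t, _ in parts] != [0x30, 0x30, 0x03]:
            return False, "fields are not tbsCertList/signatureAlgorithm/signatureValue"
        alg = parts[1][1]
        otag, vs, ve = read_tlv(alg, 0)
        if otag != 0x06:
            return False, "signatureAlgorithm does not start with an OID"
    except ValueError as exc:
        return False, str(exc)
    if alg[vs:ve].startswith(ECDSA_SHA2_PREFIX):
        return True, "ECDSA-signed CRL"
    return True, "well-formed CRL, but not ECDSA-signed (is this the EC CRL?)"
```

Pass `check_crl` the bytes of the file created under /var/opt/novell/eDirectory/data/nds-http/crl, or the bytes returned by the port 8028 distribution point URL.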

Cause

The CA is recreated with incorrect default values for the EC CRL.