I recently restored a netware server from a harddrive crash. I believe
this problem was created by me restoring files to the sys drive from a
restore that had certificate files from a different tree. The problem I am
having is finding what encryption files are broken and how to fix them.

I am having a problem with getting apache to start on a netware server.
The problem appears to start with LDAP. When I load up dstrace and set
only the LDAP switch I get the following error repeating over and over.

SSL_CTX_use_KMO failed. Error stack:
error:2612D0D4:KMO support routines:SSL_CTX_use_KMO:NICI
wrap/unwrap key failed (err = -1418)

I have tried to repair the certificates using PKIDiag but it fails to
repair as well.

Any ideas?

---------------------------------------------------------------------------
PKIDiag 2.70 -- (compiled Dec 09 2003 19:46:03).
(Check the end of the log for the last repair results)
Current Time: Mon Feb 20 13:38:13 2006
User logged-in as: admin.XXXXX.
Fixing mode
Rename and create mode
Always Re-key

--> Server Name = 'FS10'
---------------------------------------------------------------------------

Step 1 Verifying the Server's link to the SAS Service Object.
Server 'FS10.XXXX' points to SAS Service object 'SAS Service -
FS10.XXXXX'
Step 1 succeeded.

Step 2 Verifying the SAS Service Object
SAS Service object 'SAS Service - FS10.xxxxxx' is backlinked to
server 'FS10.xxxxxx'.
Step 2 succeeded.

Step 3 Verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - FS10.xxxxxx'.
--> No KMOs are linked to Service object 'SAS Service - FS10.xxxxxx'.
Step 3 succeeded.

Step 4 Verifying the KMOs
---> Testing KMO 'DNS AG FS10\.xxxxxx\.COM - FS10.xxxxxx'.
Rights check -- OK.
Back link -- OK.
Private Key -- Failed.

---> Testing KMO 'SSL CertificateDNS - FS10.xxxxxx'.
Rights check -- OK.
Back link -- OK.
Private Key -- Failed.

---> Testing KMO 'DNS AG FS10 - FS10.xxxxxx'.
Rights check -- OK.
Back link -- OK.
Private Key -- Failed.

---> Testing KMO 'SSL CertificateIP - FS10.xxxxxx'.
Rights check -- OK.
Back link -- OK.
Private Key -- Failed.

---> Testing KMO 'IP AG 192\.168\.2\.10 - FS10.xxxxxx'.
Rights check -- OK.
Back link -- OK.
Private Key -- Failed.
Step 4 succeeded.

Step 5 Re-verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - FS10.xxxxxx'.
--> No KMOs are linked to Service object 'SAS Service - FS10.xxxxxx'.
INFO: kmo DNS AG FS10\.xxxxxx\.COM - FS10.xxxxxx should probably be
deleted.
INFO: kmo SSL CertificateDNS - FS10.xxxxxx should probably be deleted.
INFO: kmo DNS AG FS10 - FS10.xxxxxx should probably be deleted.
INFO: kmo SSL CertificateIP - FS10.xxxxxx should probably be deleted.
INFO: kmo IP AG 192\.168\.2\.10 - FS10.xxxxxx should probably be deleted.
Step 5 succeeded.

Step 6 Creating IP and DNS Certificates if necessary.
--> Number of Server IP addresses = 1
--> The default IP address is: 192.168.2.10
PROBLEM: A SSL CertificateIP does not exist
FIXING: Creating SSL CertificateIP (192.168.2.10)
Pausing for 5 seconds because of error -1418
ERROR -1418 creating SSL CertificateIP.
--> Number of Server DNS names for the IP address 192.168.2.10 = 1
--> The server's default DNS name is:
MAIL.xxxxxx.COM
PROBLEM: A SSL CertificateDNS does not exist
FIXING: Creating SSL CertificateDNS (MAIL.xxxxxx.COM)
Pausing for 5 seconds because of error -1418
ERROR -1418 creating SSL CertificateDNS.
Step 6 failed -1418.


Note: Occasionally multiple problems will be solved with a single fix.

Fixable problems found: 2
Problems fixed: 0
Un-fixable problems found: 0