Greetings All,

I am having some difficulty with a server that won't create it's
certificates when it is added to an existing tree.

The server in question has had a disk upgrade and is being re-inserted
into the tree as a new server.

There is one existing server in the tree - both servers are OES SP2.

The first error that appear in ndsd.log is

Jul 13 15:13:06 NPKIFindKMO: certDN = SSL CertificateDNS -
fs1.fs1.company
Jul 13 15:13:06 NPKIFindKMO: Couldn't resolve to the specified
certificate.
Jul 13 15:13:06 Exiting NPKIFindKMO...
Jul 13 15:13:06 NPKICreateServerCertificates: Error finding specified
certificate (-601)

Both servers are configured as slp DA's and can see each other from
their repective slp borwsers.

The new server has the existing server as its ntp server and ntpq -p shows
it is connecting ok (I believe).

Also both servers are reachable via server name and fqdn.

Any thougths as to what might be wrong would be greatly appricated?

A larger extract of the log is included below.

Let me know if there are any more details that will help.

Regards, Andrew


-----------------------------------------------------------------------

/var/nds/ndsd.log -


Jul 13 15:13:06
************************************************** **********************

Jul 13 15:13:06 Creating SSL CertificateDNS
Jul 13 15:13:06
************************************************** **********************

Jul 13 15:13:06 Entering NPKICreateServerCertificate...
Jul 13 15:13:06 Entering NPKIFindKMO...
Jul 13 15:13:06 NPKIFindKMO: certName = SSL CertificateDNS
Jul 13 15:13:06 NPKIFindKMO: certDN = SSL CertificateDNS -
fs1.fs1.company
Jul 13 15:13:06 NPKIFindKMO: Couldn't resolve to the specified
certificate.
Jul 13 15:13:06 Exiting NPKIFindKMO...
Jul 13 15:13:06 NPKICreateServerCertificates: Error finding specified
certificate (-601)

Jul 13 15:13:06 Entering NPKIFindOrganizationalCA...
Jul 13 15:13:06 NPKIFindOrganizationalCA: Found an Organizational CA -
TREE CA.Security
Jul 13 15:13:06 Exiting NPKIFindOrganizationalCA...
Jul 13 15:13:06 NPKICreateServerCertificates: Name of the
organizational CA is TREE CA.Security

Jul 13 15:13:06 Entering NPKIGetHostServerDN...
Jul 13 15:13:06 Exiting NPKIGetHostServerDN...
Jul 13 15:13:06 NPKICreateServerCertificates: NPKIGetHostServerDN
failed = -603

Jul 13 15:13:06 Exiting NPKICreateServerCertificate...
Jul 13 15:13:06 SecurityInstall:Error in NPKICreateServerCertificates
while creating DefaultDNSCert-603
Jul 13 15:13:06 Server Certificates could not be created (-603)
Jul 13 15:13:06 Failed to configure security objects.
Jul 13 15:13:06 SecurityInstall: Ending the install of PKI with errors.

--