I recently just installed a new server and it got an error trying to
create the certificate. Now Apache does not load. So I ran pkidiag.nlm and
I do 4,5,6,0 and I get this error.
PKIDiag 2.78 -- (compiled Jul 18 2005 17:19:11).
(Check the end of the log for the last repair results)
Current Time: Tue Apr 24 12:35:47 2007
User logged-in as: admin
Fixing mode
Rekey mode
Always Re-key

--> Server Name = 'NW65-INFOC'
---------------------------------------------------------------------------

Step 1 Verifying the Server's link to the SAS Service Object.
Server 'NW65-INFOC.Church.Calvary' points to SAS Service object 'SAS
Service - NW65-INFOC.Church.Calvary'
Step 1 succeeded.

Step 2 Verifying the SAS Service Object
SAS Service object 'SAS Service - NW65-INFOC.Church.Calvary' is
backlinked to server 'NW65-INFOC.Church.Calvary'.
Step 2 succeeded.

Step 3 Verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service -
NW65-INFOC.Church.Calvary'.
--->KMO Old1 SSL CertificateIP - NW65-INFOC.Church.Calvary is linked.
--->KMO Old1 SSL CertificateDNS - NW65-INFOC.Church.Calvary is linked.
--->KMO SSL CertificateIP - NW65-INFOC.Church.Calvary is linked.
--->KMO SSL CertificateDNS - NW65-INFOC.Church.Calvary is linked.
Step 3 succeeded.

Step 4 Verifying the KMOs
---> Testing KMO 'SSL CertificateDNS - NW65-INFOC.Church.Calvary'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'SSL CertificateIP - NW65-INFOC.Church.Calvary'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'Old1 SSL CertificateDNS - NW65-INFOC.Church.Calvary'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'Old1 SSL CertificateIP - NW65-INFOC.Church.Calvary'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'DNS AG NW65-FS.CALVARYFTL.ORG - NW65-FS.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateDNS - NW65-FS.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG NW65-FS - NW65-FS.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateIP - NW65-FS.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'IP AG 10.0.0.98 - NW65-FS.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG NW65-DSAPPSBK.CALVARYFTL.ORG -
NW65-DSAPPSBK.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateDNS - NW65-DSAPPSBK.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG NW65-DSAPPSBK - NW65-DSAPPSBK.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateIP - NW65-DSAPPSBK.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'IP AG 10.0.0.13 - NW65-DSAPPSBK.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateDNS - NW65-GW.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG NW65-GW.CALVARYFTL.ORG - NW65-GW.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateIP - NW65-GW.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'IP AG 10.0.0.91 - NW65-GW.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG NW65-ZEN.CALVARYFTL.ORG - NW65-ZEN.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateDNS - NW65-ZEN.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG NW65-ZEN - NW65-ZEN.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateIP - NW65-ZEN.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'IP AG 10.0.0.95 - NW65-ZEN.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateDNS - NW65-DSAPPS.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG nw65-dsapps.calvaryftl.org -
NW65-DSAPPS.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateIP - NW65-DSAPPS.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'IP AG 10.0.0.99 - NW65-DSAPPS.Church.Calvary'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.

Step 4 succeeded.

Step 5 Re-verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service -
NW65-INFOC.Church.Calvary'.
KMO 'Old1 SSL CertificateIP - NW65-INFOC.Church.Calvary' is linked.
KMO 'Old1 SSL CertificateDNS - NW65-INFOC.Church.Calvary' is linked.
KMO 'SSL CertificateIP - NW65-INFOC.Church.Calvary' is linked.
KMO 'SSL CertificateDNS - NW65-INFOC.Church.Calvary' is linked.
Step 5 succeeded.

Step 6 Creating IP and DNS Certificates if necessary.
--> Number of Server IP addresses = 1
--> The default IP address is: 10.0.0.15
ERROR -1809462968. The KMO SSL CertificateIP exists, but I can't decode it.
FIXING: Creating SSL CertificateIP (10.0.0.15)
Pausing for 5 seconds because of error -1418
ERROR -1418 creating SSL CertificateIP.
--> Number of Server DNS names for the IP address 10.0.0.15 = 1
--> The server's default DNS name is:
NW65-INFOC.CALVARYFTL.ORG
ERROR -1240. The KMO SSL CertificateDNS exists, but we can't decode it.
FIXING: Creating SSL CertificateDNS (NW65-INFOC.CALVARYFTL.ORG)
Pausing for 5 seconds because of error -1418
ERROR -1418 creating SSL CertificateDNS.
Step 6 failed -1418.


Note: Occasionally multiple problems will be solved with a single fix.

Fixable problems found: 0
Problems fixed: 0
Un-fixable problems found: 0

I think my certificate server is messed up. Any ideas?