Dear reader,

Recently the function of a Netware 6.0SP5 server changed; It had
Bordermanager installed and has 2 NIC's and was placed in a DMZ.
Now the server is "promoted" to an Intranet server and placed in an other
network segment.
So I disabled the public NIC (in inetcfg) and changed the ip-number of
the private NIC (using TID) all went OK except the certificate topic.
So i ran serveral times PKIDIAG but still get the same result.
To get this logging, I removed
SSL CertificateDNS - IPZSRV10 (I created it manualy, but it doesn't help)
SSL CertificateIP - IPZSRV10 (I created it manualy, but it doesn't help)
SAS Service
Then I let the eDir sync (monitored it with set dstrace=+sync), ran an
automatic full dsrepair (0 errors), let it sync, and started pkidiag

Here is the result of the first run:
-------------------------------------------------------------------------
PKIDiag 2.70 -- (compiled Dec 09 2003 19:46:03).
(Check the end of the log for the last repair results)
Current Time: Tue Dec 27 21:50:07 2005
User logged-in as: admin.tc.
Fixing mode
Rename and create mode
Rename and create when necessary

--> Server Name = 'IPZSRV10'
-------------------------------------------------------------------------

Step 1 Verifying the Server's link to the SAS Service Object.
Step 1 failed -601.

Step 2 Verifying the SAS Service Object
PROBLEM: A SAS Service object was not found.
FIX: Successfully created and linked SAS Service object 'SAS Service -
IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC' to
'IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC'.
PROBLEM: SAS Service object 'SAS Service -
IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC' does not have Read All Attribute
rights to itself.'
Fix -->Successfully gave rights to the SAS Service object.
Step 2 succeeded.

Step 3 Verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service -
IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC'.
--> No KMOs are linked to Service object 'SAS Service -
IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC'.
Step 3 succeeded.

Step 4 Verifying the KMOs
Step 4 succeeded.

Step 5 Re-verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service -
IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC'.
--> No KMOs are linked to Service object 'SAS Service -
IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC'.
Step 5 succeeded.

Step 6 Creating IP and DNS Certificates if necessary.
--> Number of Server IP addresses = 1
--> The default IP address is: 10.47.0.15
PROBLEM: A SSL CertificateIP does not exist
Step 6 failed -659.


Note: Occasionally multiple problems will be solved with a single fix.

Fixable problems found: 3
Problems fixed: 2
Un-fixable problems found: 0
-------------------------------------------------------------------------


The SAS Service object is created;
SSL CertificateDNS and SSL CertificateIP certificates are NOT created


Here is the result of the second run:
-------------------------------------------------------------------------
PKIDiag 2.70 -- (compiled Dec 09 2003 19:46:03).
(Check the end of the log for the last repair results)
Current Time: Tue Dec 27 21:56:53 2005
User logged-in as: admin.tc.
Fixing mode
Rename and create mode
Rename and create when necessary

--> Server Name = 'IPZSRV10'
-------------------------------------------------------------------------
Step 1 Verifying the Server's link to the SAS Service Object.
Server 'IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC' points to SAS Service
object 'SAS Service - IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC'
Step 1 succeeded.

Step 2 Verifying the SAS Service Object
SAS Service object 'SAS Service -
IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC' is backlinked to server
'IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC'.
Step 2 succeeded.

Step 3 Verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service -
IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC'.
--->KMO CertificateIP - IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC is linked.
--->KMO CertificateDNS - IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC is
linked.
Step 3 succeeded.

Step 4 Verifying the KMOs
---> Testing KMO 'CertificateDNS -
IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'CertificateIP -
IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.
Step 4 succeeded.

Step 5 Re-verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service -
IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC'.
KMO 'CertificateIP - IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC' is linked.
KMO 'CertificateDNS - IPZSRV10.BORDERMANAGER.SRV.ROERMOND.TC' is linked.
Step 5 succeeded.

Step 6 Creating IP and DNS Certificates if necessary.
--> Number of Server IP addresses = 1
--> The default IP address is: 10.47.0.15
PROBLEM: A SSL CertificateIP does not exist
Step 6 failed -659.


Note: Occasionally multiple problems will be solved with a single fix.

Fixable problems found: 1
Problems fixed: 0
Un-fixable problems found: 0
-------------------------------------------------------------------------

Any idea how I can get the certificates?
I tried re-installling the certificate erver, but I got an installation
error..

Thanks in Advance,
Erik