I am trying a process where I do an unattended install of NW65sp6 into
a temp_tree then ship the servers onsite to join the production_tree
(using remove DS and install DS in NWCONFIG).

I am using the "basic netware server" template for the initial install
and then doing a custom install of imanager, nrm, apache, tomcat as a
post install task once the server is in the production tree and 'after'
running PKIDIAG to repair the certificate objects.

No matter what combination of apps I choose, I can never get
Apache-dependent web apps running as they do when installing the server
directly into the production_tree.

The only LOGGER error I see is an LDAP failed ..... try running
TCKEYGEN at the console. TCKEYGEN fails with "Connection Refused"

Q1. Is my method fundementally flawed?

Q2. Can anyone share a 'proven' step by step guide to fixing
certificate objects after reinstalling DS onto a server?