Hi.

I just did a fresh install using the NW6.5.8 overlay DVD (MD5 OK), customized setup
with iManager + Tomcat5 servlet container. (it will replace the current BM3.9, BM
isn't installed yet, only NW6.5.8) No errors showed up during the NW-installation.

After rebooting the server, Apache didn't load due to an SSL certificate issue.

PKIDIAG gives the errors, see botom part of this posting, LOG-file is attached.

I found TID 7002686, which suggests, to delete the dir sys:\system\certserv\ on the
server hosting the Tree CA.

Before doing so, I want to ask these two questions:

1.) What might be the side effects of doing so?

2.) In case something should go wrong in the recreation process, is a backup of that
folder \certserv\ sufficent to restore the previous state?


The public key certificate of the organisational CA object is
valid through 11. Juli 2012.

I could just redo the server again, as nothing valuable is installed yet, if
required.



Regards, Rudi.


PKIDIAG -> repair, output:

[snip]
Step 4 succeeded.

Step 5 Re-verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - BM39.border'.
KMO 'IP AG 10\.27\.1\.1 - BM39.border' is linked.
KMO 'Old1 SSL CertificateIP - BM39.border' is linked.
KMO 'DNS AG bm39\.goepfert\.intern - BM39.border' is linked.
KMO 'Old1 SSL CertificateDNS - BM39.border' is linked.
KMO 'Old2 SSL CertificateIP - BM39.border' is linked.
KMO 'Old2 SSL CertificateDNS - BM39.border' is linked.
KMO 'SSL CertificateIP - BM39.border' is linked.
KMO 'SSL CertificateDNS - BM39.border' is linked.
Step 5 succeeded.

Step 6 Creating IP and DNS Certificates if necessary.
--> Number of Server IP addresses = 1
--> The default IP address is: 10.27.1.1
ERROR -1785975800. The KMO SSL CertificateIP exists, but I can't decode it.
PROBLEM: Need to rename 'SSL CertificateIP - BM39.border'.
Fix: Successfully changed 'SSL CertificateIP - BM39.border' to 'Old3 SSL Cert
ificateIP - BM39.border'.
FIXING: Creating SSL CertificateIP (10.27.1.1)
Pausing for 5 seconds because of error -1211
Pausing for 5 seconds because of error -1211
Pausing for 5 seconds because of error 49934
ERROR 49934 creating SSL CertificateIP.
--> Number of Server DNS names for the IP address 10.27.1.1 = 1
--> The server's default DNS name is:
bm39.goepfert.intern
ERROR -1240. The KMO SSL CertificateDNS exists, but we can't decode it.
PROBLEM: Need to rename 'SSL CertificateDNS - BM39.border'.
Fix: Successfully changed 'SSL CertificateDNS - BM39.border' to 'Old3 SSL Cer
tificateDNS - BM39.border'.
FIXING: Creating SSL CertificateDNS (bm39.goepfert.intern)
Pausing for 5 seconds because of error -1211
Pausing for 5 seconds because of error 49934
ERROR 49934 creating SSL CertificateDNS.
Step 6 failed 49934.


Note: Occasionally multiple problems will be solved with a single fix.

Fixable problems found: 0
Problems fixed: 0
Un-fixable problems found: 0


<Press any key to continue>