Can't seem to fix Expired Certificate with PKIDIAG - I get error -1222

Looking at forum I see I may need to re-create the CA

Also my ConsoleOne has '?' on ALL objects already in Security tab - where do
get the snapins for these

I found this - is this right?? or can someone point me to a TID if thats
more appropriate?

Creating an Organizational Certificate Authority Object
By default, the Novell Certificate Server installation process will create
the Organizational Certificate Authority (CA) for you. You will be prompted
to specify an Organizational CA name. When you click Finish, the
Organizational CA is created with the default parameters and placed in the
Security container.

If you want more control over the creation of the Organizational CA, you can
create the Organizational CA manually using ConsoleOne or Novell iManager.
Also, if you delete the Organizational CA, you will need to re-create it.

IMPORTANT: During the creation process, you will be prompted to name the
Organizational Certificate Authority object and to choose a server on which
the Certificate Authority service will run.

Select a server that is physically secure, that will be available when
needed to perform signing operations, that runs a protocol that is
compatible with the other servers in your organization (for example, IP,
IPXTM, IP/IPX), and that only runs software that you trust. It is important
that your server meet these conditions, because the Organizational
Certificate Authority object is the centerpiece of your PKI system and if
the server that contains the object is compromised, your entire PKI system
could be compromised as well.

To create the Organizational Certificate Authority object using ConsoleOne:

1.Log in to the eDirectory tree as an administrator with the appropriate
To view the appropriate rights for this task, see Creating an Organizational

2.Start ConsoleOne.
3.Expand the eDirectory tree where you want to create the Organizational
Certificate Authority.

This reveals the Security container object.
4.Right-click the Security container object, then click New > Object.
5.From the list box in the New Object dialog box, double-click
NDSPKI:Certificate Authority.

This opens the Create an Organizational Certificate Authority Object dialog
box and the corresponding wizard that creates the object. Follow the prompts
to create the object. For specific information on the dialog box or any of
the wizard pages, click Help.