I wish Novell had a published list of possible errors when trying to
create SSL certs for the eDir to eDir driver.

You can do it via iManager (IDM Utilities, eDir to eDir driver cert
wizard) or Designer, or even C1.

Well I always say, use Designer, set the length to 10 years, else it is
a royal pain 2 years from now when you have to return to fix it again.
Had to make 6 month certs in Dev, since I have no interest in fixing the
CA right now. That is someone elses problem.

Turns out if your CA is due to expire before that deadline, you get a
NICI/PKI -1227 error in Designer.

Next, using iManager (which defaults to 2 years anyway, no control) if
the names are too long (longer than 63 chars) because someone thought it
was funny to name the driver:
"eDir to eDir Driver from the first tree to the second
tree.drivers.data.acme.com" will send you a 613, Schema Syntax error,
since it tries to make a cert with a name that is too long.

Good grief.