I'm trying to set up secure LDAP between my organization and its parent
entity. Their cert provider is InCommon, so I had to submit my CSR to
them. I created the CSR in iManager and submitted it, and received the
following in reply:

================================================== =======================================
* Click the following link to download your SSL certificate (generally
try to use a version that includes intermediates & root or your
certificate may be rejected by some older clients)

Format(s) most suitable for your server software:
as X509, Base64 encoded: [URL ending in "&format=x509"]

Other available formats:
as PKCS#7 Base64 encoded: [URL ending in "&format=base64"]
as PKCS#7 Bin encoded: [URL ending in "&format=bin"]
as X509 Certificate only, Base64 encoded: [URL ending in
"&format=x509CO"]
as X509 Intermediates/root only, Base64 encoded: [URL ending in
"&format=x509IO"]
as X509 Intermediates/root only Reverse, Base64 encoded: [URL
ending in "&format=x509IOR"]
================================================== =======================================

When I submitted the CSR to InCommon, I specified the server type as
'other', since "Novell eDirectory" wasn't a choice.

If I download the first cert and import it to the KMO object, I get "A
certificate was not found in the NDS tree certificate authority (CA)
object or Server Certificate Object (also known as the Key Material
Object)."

If I download "X509 Certificate only" and "X509 Intermediates/root only"
(both Base64 encoded), I get "PKI ERROR -1227 - A link within the
certificate chain in a Server Certificate Object (also known as the Key
Material Object) is missing or is invalid."

Does anyone know how to make this work?

Thanks