Hello everyone,

We're in the process of getting rid of an "old" SLES 10 + eDir 885
The rest of our tree runs SLES 11 x64 and eDir 888x, along with and IDM
402 installation.
For several months now, the old server hasn't been running any IDM
component or holding any Master replica.
The last remaining component is the Certificate Authority, which we are
trying to move.

We are following procedures as outlined in
http://www.novell.com/support/kb/doc.php?id=3618399 and
https://www.netiq.com/documentation/...a/a2ebop8.html and
as I've done before with other customers.

When reaching the stage where we should be saving the PKCS12 file, once
we click the "Save the exported certificate" link, we get the following
error message :

Export Error
The private key is not exportable

We have read in the procedures that certificates created with older
versions of the Certificate Server cannot be exported. One procedure
says one requires at least Cert. Server 2.0, the newer procedure
specifically states one needs Cert. Server 2.21. OK, we have NO IDEA
what exact version was running back then. The current certificate was
created in May 2008, using a then-fresh install of eDir, which we can
only assume was 882 based on release history.

Could it be that eDir 882 shipped with an older-than-2.21 version of
Certificate Server, which would explain our problem ?
Or are we facing some other issue here ?
Is there a way to find out which exact version of Certificate Server was
used to create our current certificate ?

If no solution is found, we are looking at creating a new CA from
scratch, and having to reissue and distribute appropriate certificates
to several connected systems (several eDir 2 eDir drivers, SSL links
with several remote loaders, scripts running queries over LDAPS,

Thanks ahead for any help.

Jerome B.

JeromeBuyle's Profile: https://forums.netiq.com/member.php?userid=3026
View this thread: https://forums.netiq.com/showthread.php?t=50361