I have two OES 11 servers with certificates expiring in a few days, and
I am unable to recreate the certificates. I began by replacing our CA
according to the instructions at
https://www.novell.com/support/kb/doc.php?id=7013047. That seemed to go
fine. Then I went to recreate the certs for one of our servers based on
http://tinyurl.com/ntsbeeb. I got as far as step 9c, but the certs
created do not show Valid. Instead they show "Invalid: CRL Decode
Error". I have been researching this for about three hours and don't
know what else to do.

When I create the new server certs they include a reference to a CRL
file that doesn't exist on the CA. When I create or recreate the CA it
gives a Distribution Point of http://ourserver:80/crl/CRL_x.crl and a
CRL File path of apache2\htdocs\crl\CRL_x.crl. That directory path
doesn't exist on our server, but based on the DP I realized that there
should be a "crl" directory off the root of the CA's web server, which
appears to be /srv/www/htdocs. So I created /srv/www/htdocs/crl and
gave everyone full permissions in case that's a factor. In iManager I
went to Configure Certificate Authority > CRL and created a new CRL,
telling it to create the file at /srv/www/htdocs/crl. I still can't
find a .crl anywhere on the CA server! Until I get an accessible CRL
file or am able to create server certs without the CRL reference I'm

I'd very much appreciate any help. I'm not an expert on any of this,
and I'm concerned because I don't know what services are going to break
when these certs expire soon.

jcw_av's Profile: https://forums.netiq.com/member.php?userid=4907
View this thread: https://forums.netiq.com/showthread.php?t=50718