So, I'm trying to get an ECDSA intermediate CA into eDirectory, but importing the pfxs results in the -1232 error.

The root is an openssl generated one with a secp384r1 curve key and sha512.

The intermediate key is also a secp384r1 curve with the sha512 cert signed by the root and pfx bundled.

openssl secp384r1 is the P-384 curve which meets the eDirectory doco requirements.

The PKI plugin is also the latest 9.0.4.20170923 with eDir 9.0.4.

I see from the list of fixes that the following was apparently resolved in 9.0.2:

- PKI: Server Certificate creation fails with error: -1232 (Bug 993452)