Hi everyone,

Scenario:

1. CA (Certificate Authority) is expired
2. Server certificates are expired or unable to read CRL (the ones which are not expired)

Procedure:

Delete CA:
  1. From “Directory Administration” -> Delete Object


Create new CA:
  1. From “NetIQ Certificate Server” -> Configure Certificate Authority
  2. Standard creation. (We tried with custom too.)
  3. Restart eDirectory.


Then we tried to Create Default Certificates and Repair Default Certificates, and both actions give us the following errors:

iManager error:
"Server Certificate (Key Material) Creation Error
There was an error while trying to create the Server Certificate. You need to delete the Server Certificate, if it exists, and start the creation process again.
The error code is: "

PKIHealth.log:
Step 6 Create Default Certificates
PKI_NPKICreateContext returned 0.
PKI_NPKISetTreeName returned 0.
PKI_NPKIDSLoginAsServer returned 0.
error 49186 from NPKICreateDefaultCertificates.
Step 6 failed 49186.


Environment:
Only one server
eDirectory 9 SP3 Patch 1 40005.13
iManager 3.0.3.2
IDM 4.5.6
Tomcat 8