Invalid KeyID with SSL

(Last modified: 10Jan2003)

This document (10024283) is provided subject to the disclaimer at the end of this document.

fact

Novell BorderManager 3.5

Novell BorderManager 3.0

Formerly TID 2947374

symptom

Invalid KeyID with SSL  

When trying to enable SSL authentication, the customer gets an "Invalid KeyID" error and SSL will not initialize.

When clicking on the SAS Service NDS object, the following error was generated:

Error:  "603: Unable to determine the server that owns this object"

cause

The Secure Authentication Server (SAS) NDS object was corrupted.

fix

Delete the SAS Service object. You will not be able to do this from within NWADMIN; to delete this object you need to load NETADMIN.

See TID 2944567 if you are in a NetWare 5 environment and do not have access to NETADMIN.

Run a full unattended DSREPAIR and then re-create the SAS object (LOAD SASI to create the SAS object).

Note: If you do not have a SASI.NLM on your NetWare 5.1 server, copy it from a NetWare 5.0 server.

If the error persists after deleting and re-creating the SAS Object, all security objects may need to be deleted and recreated.

NOTE: Consider the effects of this before deleting all security objects. If you have multiple BorderManager or NetWare 5 servers they are ALL using the same CA. Deleting the CA can have widespread ramifications.

If you decide to continue, use the following steps:

1. Delete the Key Material Objects (KMO) that have been created.
2. Delete the SAS object.
3. Delete the Certificate Authority (CA) out of the Security container.
4. Delete the Security Container out of the tree.
 
After all of the objects are deleted, you will need to unload SAS.NLM on the BorderManager server console. Once SAS.NLM is unloaded successfully, reload SASI and log in as the ADMIN user. This will reload SAS and recreate the SAS Service object and the Security container. It will not recreate the CA and KMO.

Continue with the creation of the Certificate Authority (CA) and Key Material Object (KMO). You should now be able to successfully enable the SSL authentication service.

Reference TID 10013818 for configuring SSL Authentication.

document

Document Title: Invalid KeyID with SSL  
Document ID: 10024283
Solution ID: 1.0.47583056.2481773
Creation Date: 04Jan2000
Modified Date: 10Jan2003
Novell Product Class: Groupware
NetWare
Novell BorderManager Services
Novell eDirectory
Novonyx

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.