SSL initialization fails when loading HTTPSTK.NLM or the WEB Server.

(Last modified: 15Oct2002)

This document (10056039) is provided subject to the disclaimer at the end of this document.

fact

Novell NetWare 5.1

Certificate Server

symptom

SSL initialization fails when loading HTTPSTK.NLM or the WEB Server.

Error:  "Error 10022 enabling SSL services for HTTPSTK.NLM. - SSL Disabled."

fix

The error message appears to show up under three known scenarios:

1)  The keyfile name in the load line for HTTPSTK.NLM does not match the certificate name.
In the default install example, Load HTTPSTK.NLM /SSL /keyfile:"SSL CertificateIP", this means that either SSL CertificateIP is misspelled or the certificate does not exist.

2)  Some attribute of the certificate is corrupt, or NDS links between the SAS Service Object and the Server are broken.  In this case, try creating a new KMO (SSL Certificate) and using it.  If this fails, verify that the links between objects are correct.  To do this, follow the steps below in ConsoleOne (run from a workstation):
    A) Right-click on the Server object, go to properties, select the "Other" tab (you will have to scroll over to the right).  You should have a SAS: Service DN attribute with a link/pointer under it that reflects the SAS Service object for this server.
    B)  Right-click on the SAS Service object for this server, go to properties, select the "Other" tab.  Host Server and NDSPKI:Key MaterialDN Attributes (among others) need to be here.  Under the Host Server Attribute verify that it points to the correct server.   The certificates associated with this server should appear under the NDSPKI:Key MaterialDN attribute.  If any attributes or "pointers" are not correct or missing then add/correct them.  Attributes can be added by highlighting Attributes: and clicking on the Add button.  Then select the correct attribute from the list.  Fill in the sub-fields accordingly.
    C)  Click on the NDS Rights tab for the SAS Service object.  Two trustee assignments should exist:  The server and the SAS Service object.
    D)  Click on the Certificate (SSL CertificateIP / SSL CertificateDNS are the defaults) and verify that SAS Service and [Public] are assigned trustees (under the NDS Rights tab).

Re-boot the server after making any changes, especially if you have deleted and re-created the SAS Service object.  Either check CONSOLE.LOG or unload and re-load HTTPSTK.NLM with the correct switches and see if the error persists.  If the error is still there, delete the SAS object and any certificates associated with this server, run DSREPAIR on the server until there are no errors, then reinstall Certificate Server on this server using the NetWare 5.1 CD.  Do not overwrite newer files when prompted during the install.

3)  The SAS Service Object is unable to login to the server.  Check MONITOR/Connections to see if the SAS Service object has established a connection.  The connection should be there as soon as either NILE.NLM or SAS.NLM loads.  If not:
    A)  Verify all links and rights assignments in step 2.
    B)  If you have just re-installed Certificate Server or re-created the SAS Service object, try re-booting the server.
    C)  Other problem(s) exist and are being investigated by Novell at this time. The possibilities include:  Winsock issues, NLM mismatches,  NDS problems, NICI problems, or rights issues.  This solution will be updated as the problems and fixes are identified.

document

Document Title: SSL initialization fails when loading HTTPSTK.NLM or the WEB Server.
Document ID: 10056039
Solution ID: NOVL23010
Creation Date: 16Aug2000
Modified Date: 15Oct2002
Novell Product Class: NetWare, Novell eDirectory

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.