Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

Trusted root Certificate upload is failing with PKCS7 format certificates

This document (7011948) is provided subject to the disclaimer at the end of this document.


NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 SUpport Pack 1 applied
NetIQ Access Manager 3.2 Administration Console


Access Manager setup and working well.Administrator tried to import a PKCS7 formatted file into the Admin Console but the following exception was thrown: The following exception is shown in admin console catalina logs

 com.novell.nids.certmgr.DirCertException: Error: PKI_E_PARSE_CERTIFICATE,
Error: -1240 at com.novell.nids.certmgr.DirCerts.importTrustedRoot(Unknown Source)
at at
at com.volera.roma.servlet.GenericController.doPost(y:394) at javax.servlet.http.HttpServlet.service(
at javax.servlet.http.HttpServlet.service(
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
at org.apache.catalina.core.StandardWrapperValve.invoke(

Steps to reproduce.

1.Download a pem format trusted root certificate from Admin Console
2.Convert the pem format certificate to PKCS7 format. (with .p7b extension)
3.Import the converted certificate into Admin Console


Import the cert into a browser (Internet Explorer) and export it again as a CER/DER file. Then import the certificate again into the Admin Console.


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7011948
  • Creation Date:14-MAR-13
  • Modified Date:14-MAR-13
    • NetIQAccess Manager (NAM)

Did this document solve your problem? Provide Feedback