Dear team.
I am running into the following error when trying to update a fipUsers certificate:
"Error creating or updating USER entity, this user is currently not allowed to generate a new cert: <value>"
Not sure where the <value> is coming from; it could be the commonName of the cert or the username.
What is meant by "currently not allowed"? Does that mean I could retry? When?
The ssg logs show:
2025-08-14T12:23:10.205+0100 INFO 2894 com.l7tech.server.identity.cert.ClientCertManagerImp: this user is currently not allowed to generate a new cert: <value>
2025-08-14T12:23:10.206+0100 INFO 2894 com.l7tech.external.assertions.gatewaygraphql.server.resolver.mutation.BasicGraphQLMutationResolver: Error creating or updating USER entity, this user is currently not allowed to generate a new cert: <value>
2025-08-14T12:23:10.208+0100 WARNING 2894 com.l7tech.external.assertions.gatewaygraphql.server.ServerGatewayGraphQLAssertion: Rolling back the operation-level transaction
2025-08-14T12:23:13.591+0100 INFO 2909 com.l7tech.server.admin: TrustedCert #dd5595e41cb4c7bc4b552760751eadc0 (<value>) updated (changed ski, changed serial, changed thumbprintSha1, changed certBase64)
I am wondering about the last line: does that mean the cert has been updated even though graphman says it's rolled back?
When I am doing the cert update through Policy Manager, I get:
The only difference is upper and lower case.
Hmm, that should not be an issue. Distinguished Names shouldn't be case-sensitive.
The subjectDn values of cert and user are exported as lowercase anyway.
Any background on this behavior?
Thank you for any insights.
Kind regards
...Michael