Symantec Access Management

Expand all | Collapse all

X 509 Certificate Management BUG!?

Jump to Best Answer
  • 1.  X 509 Certificate Management BUG!?

    Posted 05-25-2013 12:21 PM
    All
    I'm running into an issue that seems to be affecting my environment on R12.5. I'm doing an evaluation of SM R12.5 on windows 2008 R2 enterprise and using active directory as the user store. From my understanding the smkeydatabase creation with the smkeytool has been deprecated, we now have to use the X 509 Certificate Management in the WAM UI. I've ran into various issues where I would add a private key to the X 509 cert database through the WAM UI and I'm unable to see the cert in the WAM UI.

    I ran the xpsexplorer command to see if the cert exist in the policy store, which was confirmed but is not visible on the WAM UI. I tried to delete the cert via xpsexplorer which was successful but now when I try to add any other certs to X 509 Cert managemnet database I get the following error:

    System error trying to complete import : One or more exceptions trying to commit keystore changes. Please consult the logs.

    Anyone else running into issues with the x 509 cert management database? It's been very buggy for me.


  • 2.  RE: X 509 Certificate Management BUG!?

    Posted 05-28-2013 04:18 PM
    Hi All,

    Any input here for this one?

    Thanks!
    Chris


  • 3.  RE: X 509 Certificate Management BUG!?

    Posted 05-28-2013 04:34 PM
    what do you see when you type this

    C:\Program Files\Java\jdk1.6.0_27\jre\bin>keytool.exe -list -keystore "C:\Program Files\CA\siteminder\adminui\server\default\security\trustStore.jks

    note the path that i use for the keytool.exe file as well as the trustStore.jks. your set up could be different

    T.


  • 4.  RE: X 509 Certificate Management BUG!?
    Best Answer

    Posted 05-29-2013 09:52 AM
    Hello mjeanjacques ,

    This is a kind of an issue where we need a lot of fine detail to see what could have gone wrong. A support engineer mau have to Webex into your environment and examine. Please open a case with CA Support.

    Thank you.
    - Vijay


  • 5.  Re: X 509 Certificate Management BUG!?

    Posted 09-12-2014 01:52 AM

    Mike,

        Did you get resolution from CA on this issue ? we are encountering the same issue in our environment.



  • 6.  RE: X 509 Certificate Management BUG!?

    Posted 10-21-2019 12:40 PM
    Was there an update bout this?  I am getting the exact message on SiteMinder 12.6 today.


  • 7.  RE: X 509 Certificate Management BUG!?

    Posted 10-22-2019 02:20 AM
    Hi,

    About the error :

    "One or more exceptions trying to commit keystore changes"

    This one is kind of generic one. For the certificates, when adding and
    removing certificates, make sure that :

    - You don't try to reuse the same certificate "alias" i.e. I've
    deleted the certificate with alias "mycert1" and I try to add a
    new one with the same alias "mycert1";
    - All aliases are unique;
    - All certificates are unique;

    I hope this helps,

    Best Regards,
    Patrick