CA Policy server 12.7/Partnership Fed/Create an Entity without Metadata/Importing cert and key fails


Article ID: 102759

Products

- CA Single Sign On Secure Proxy Server (SiteMinder)
- CA Single Sign On SOA Security Manager (SiteMinder)
- CA Single Sign-On

Issue/Introduction

- We're running AdminUI and we inserted a new certificate into the
  certificate store, but this certificate is not visible in the
  combo box used to select the signing certificate for the entity
  (Signing Private Key Alias).

  When we reproduce this issue, we see the following error in the
  server.log of the AdminUI:

  2018-05-16 12:17:11,028 ERROR [stderr] (default task-18) 
  com.netegrity.smkeydatabase.db.SmCertificateDataStoreException: 
  Error creating JSAFE_PrivateKey object. 

  2018-05-16 12:17:11,138 ERROR [stderr] (default task-18) Caused by: 
  com.rsa.jsafe.JSAFE_InvalidKeyException: Invalid key data length, 
  expected 8 

How can we fix this?

Cause

Looking at the AdminUI debug logs, we see that the issue occurs on
certificate wamqasp2010, which is past its expiry date.

server.log

14. 2018-05-30 15:23:14,193 DEBUG 
   [com.ca.siteminder.rpc.rpc.ClientDispatcher] (default task-51) 
   call PolicyData_search CA.CDS::Certificate 
   (CA.CDS::Certificate.Alias EQ myoldcertiifcate) true 

15. 2018-05-30 15:23:14,209 DEBUG 
   [com.ca.siteminder.rpc.rpc.ClientDispatcher] (default task-51) 
   call Security_decryptSensitiveAttribute 
   CA.CDS::[email protected] 
   CA.CDS::Certificate.PrivateKey 

16. 2018-05-30 15:23:14,209 ERROR [stderr] (default task-51) 
   com.netegrity.smkeydatabase.db.SmCertificateDataStoreException: 
   Error creating JSAFE_PrivateKey object. 

When looking at the certificate with the alias "myoldcertiifcate", we noticed that the certificate was expired.
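
The correlation done by hand above (the last `PolicyData_search` alias on a thread, followed by the `JSAFE_PrivateKey` error on the same thread) can be scripted. This is an added example, not a CA/Broadcom tool; it assumes each log event sits on a single line in the real server.log and that the thread name in parentheses ties the lookup to the error. The sample log is constructed, and the aliases other than "myoldcertiifcate" are made up.

```python
import re

# Constructed sample modelled on the AdminUI server.log excerpt above.
SAMPLE_LOG = """\
2018-05-30 15:23:14,100 DEBUG [com.ca.siteminder.rpc.rpc.ClientDispatcher] (default task-51) call PolicyData_search CA.CDS::Certificate (CA.CDS::Certificate.Alias EQ goodcert) true
2018-05-30 15:23:14,120 DEBUG [com.ca.siteminder.rpc.rpc.ClientDispatcher] (default task-51) call Security_decryptSensitiveAttribute
2018-05-30 15:23:14,193 DEBUG [com.ca.siteminder.rpc.rpc.ClientDispatcher] (default task-51) call PolicyData_search CA.CDS::Certificate (CA.CDS::Certificate.Alias EQ myoldcertiifcate) true
2018-05-30 15:23:14,200 DEBUG [com.ca.siteminder.rpc.rpc.ClientDispatcher] (default task-7) call PolicyData_search CA.CDS::Certificate (CA.CDS::Certificate.Alias EQ othercert) true
2018-05-30 15:23:14,209 ERROR [stderr] (default task-51) com.netegrity.smkeydatabase.db.SmCertificateDataStoreException: Error creating JSAFE_PrivateKey object.
"""

# Certificate lookup by alias, with the worker thread that issued it.
SEARCH = re.compile(
    r"\((?P<task>[^)]+)\)\s+call PolicyData_search CA\.CDS::Certificate "
    r"\(CA\.CDS::Certificate\.Alias EQ (?P<alias>[^)]+)\)"
)
# The private-key load failure reported on stderr by the same thread.
ERROR = re.compile(
    r"ERROR \[stderr\] \((?P<task>[^)]+)\).*Error creating JSAFE_PrivateKey object"
)


def failing_aliases(log_text):
    """Return (thread, alias) pairs whose private key failed to load."""
    last_alias = {}  # thread name -> alias most recently searched on it
    hits = []
    for line in log_text.splitlines():
        m = SEARCH.search(line)
        if m:
            last_alias[m["task"]] = m["alias"].strip()
            continue
        m = ERROR.search(line)
        if m:
            # No preceding lookup on this thread: report it as unknown
            # rather than guessing from another thread's activity.
            pair = (m["task"], last_alias.get(m["task"], "<unknown>"))
            if pair not in hits:
                hits.append(pair)
    return hits


if __name__ == "__main__":
    for task, alias in failing_aliases(SAMPLE_LOG):
        print(f"{task}: key load failed for alias {alias}")
```

Each alias it reports is a candidate to inspect in the Certificate Data Store, starting with its validity dates.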

Environment

Policy Server 12.7; 
AdminUI 12.7; 
 

Resolution

Remove the certificate "myoldcertiifcate" from the CDS (Certificate Data Store) to
solve the issue.