Replication fails when you have installed a CA cert


Article ID: 158745


Updated On:


Security Information Manager


You cannot set up replication if you have installed a CA cert.

Starting replication process 
Opening master directory connection 
Configuring NSS provider 
A problem occured while attempting to talk to one of the directories 
netscape.ldap.LDAPException: No trust 
ed certificate found (91) 
at netscape.ldap.LDAPConnSetupMgr.connectServer( 
at netscape.ldap.LDAPConnSetupMgr.openSerial( 
at netscape.ldap.LDAPConnSetupMgr.connect( 
at netscape.ldap.LDAPConnSetupMgr.access$000( 
at netscape.ldap.LDAPConnSetupMgr$ 
at Source) 


The CA cert is not installed on the machine you are using to set up replicatoin


The error you are getting seems to be that the machine you are using does not have your CA cert installed in the java store.
This document assumes you have installed a global Java to get the replication tool to work or you may need to modify the command line below to show the actual path where java is installed on your computer. 

Download the CA cert and copy it to the path where Java is installed usuall C:\Program Files\<folder where Java is installed>\jre\bin

Run the keytool command

Click Start > Run.
In the Open text box, type cmd and click OK.
Change directories to ..\jre\bin directory.
By default this is C:\Program Files\<where java is installed>\jre\bin
Run the command:

keytool.exe -importcert -trustcacerts -alias <cert-alias-name> -file <Location of exported certificat file> -keystore "C:\Program Files\<where your java is installed>t\jre\lib\security\cacerts" -storepass changeit

Note: The <cert-alias-name> can be anything you want.