
Symantec VIP Enterprise Gateway certificate error: The VIP Certificate could not be replicated. Please try again.


Article ID: 171632


Products

VIP Service

Issue/Introduction

The VIP certificate in VIP Enterprise Gateway (VIP EGW) has expired and needs to be renewed.
A new certificate has been issued from the VIP Access Manager and imported successfully in VIP EGW.
Selecting "Use this key" on the new certificate produces the following error:

Internal error: The VIP Certificate could not be replicated. Please try again.

Error in vipegconsole.log:
ERROR "2018-05-02 19:36:46.658 GMT-0700" <EGW IP> vipegconsole 1862556458 bf8d2343fa5ce4f7 0  "actor=admin,text=Cannot read file: C:\Program Files (x86)\Symantec\VIP_Enterprise_Gateway\server\work\tempCertStores\enckey.pem"
ERROR "2018-05-02 19:36:46.661 GMT-0700" <EGW IP> vipegconsole 1862556458 bf8d2343fa5ce4f7 0  "actor=admin,text=Exception occurred while writing Private Key to OpenSSL cert store for VIP SDK. 
com.verisign.keystore.StoreException: Cannot read from file: C:\Program Files (x86)\Symantec\VIP_Enterprise_Gateway\server\work\tempCertStores\enckey.pem (The system cannot find the file specified)
at com.verisign.mauth.conf.console.keystores.KeyManager.copyFileContents(KeyManager.java:1667)
at com.verisign.mauth.conf.console.keystores.KeyManager.addKeyToCertStore(KeyManager.java:1585)
at com.verisign.mauth.conf.console.keystores.KeyManager.replicateVIPSDKStoreAsOpenSSLStore(KeyManager.java:1527)
at com.verisign.mauth.conf.console.keystores.KeyManager.pushVIPSDKKey(KeyManager.java:1446)
at com.verisign.mauth.conf.console.keystores.KeyManager.pushVIPSDKKeyFromAlias(KeyManager.java:1476)
at com.verisign.mauth.conf.console.keystores.ViewAliasesActions.setSelectedRaKeyFromAnchor(ViewAliasesActions.java:752)
at com.verisign.mauth.conf.console.keystores.ViewAliasesActions.repost(ViewAliasesActions.java:200)
at com.verisign.mauth.conf.console.keystores.ViewAliasesActions.handleToken(ViewAliasesActions.java:95)

Cause

openssl.exe in C:\Program Files (x86)\Symantec\VIP_Enterprise_Gateway\tools is responsible for processing this request. That file may be missing, renamed, or isolated/blocked by a security policy. 

Resolution

1. Check for the presence of openssl.exe in the \Symantec\VIP_Enterprise_Gateway\tools folder.
2. If it has been renamed, rename it back to "openssl.exe". If it is missing, do a fresh install of the Enterprise Gateway on a test server, copy the file from that server, then dispose of the test server.
3. Restarting EGW services is not required.
4. Use the newly imported VIP certificate.
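
The checks in steps 1 and 2 can be scripted. The following PowerShell is an added example, not Symantec/Broadcom code: it confirms openssl.exe is present, lists possibly renamed copies, tests whether it can actually be executed (a policy block shows up here), and compares its SHA-256 hash with a copy taken from a fresh install. The default path is the one shown in the log above; the ReferenceCopy parameter is a hypothetical name introduced for this example.

```powershell
# Added diagnostic example; not part of the VIP Enterprise Gateway product.
param(
    # Install path as shown in vipegconsole.log above; adjust if EGW is installed elsewhere.
    [string]$ToolsDir = 'C:\Program Files (x86)\Symantec\VIP_Enterprise_Gateway\tools',
    # Optional (hypothetical parameter): openssl.exe copied from a fresh EGW install on a test server.
    [string]$ReferenceCopy
)

$exe = Join-Path $ToolsDir 'openssl.exe'

if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
    Write-Warning "openssl.exe not found in $ToolsDir"
    # A renamed binary often still starts with "openssl"; list candidates for manual review.
    Get-ChildItem -LiteralPath $ToolsDir -Filter 'openssl*' -File -ErrorAction SilentlyContinue |
        Select-Object Name, Length, LastWriteTime
    return
}

# Present is not the same as usable: try to run it so that a block by
# application control or endpoint protection becomes visible.
try {
    $version = & $exe version 2>&1
    if ($LASTEXITCODE -eq 0) {
        "openssl.exe runs: $version"
    } else {
        Write-Warning "openssl.exe exited with code ${LASTEXITCODE}: $version"
    }
} catch {
    Write-Warning "openssl.exe could not be started (possible policy block): $($_.Exception.Message)"
}

# Record the hash, and compare it with the reference copy when one is supplied,
# so a replacement binary is verified before the gateway uses it for key handling.
$hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
"SHA256: $hash"
if ($ReferenceCopy) {
    $refHash = (Get-FileHash -LiteralPath $ReferenceCopy -Algorithm SHA256).Hash
    if ($refHash -eq $hash) {
        'Hash matches the reference copy.'
    } else {
        Write-Warning "Hash differs from the reference copy ($refHash)."
    }
}
```

Run it from an elevated PowerShell session on the EGW server. A hash mismatch can simply mean the two installs are different EGW versions, so compare against a fresh install of the same version.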
