Unable to import Certificate on AdminUI
Article ID: 229835
Updated On:
Products
Issue/Introduction
[ERROR] com.ca.federation.adminui.backingbean.keystore.KeyStoreImportBean [] - **ERROR** during UI operation: System error trying to complete import: One or more exceptions trying to commit keystore changes. Please consult the logs.
Environment
Release: 12.8.x
Component: SITEMINDER - POLICY SERVER
Cause
Siteminder logs:
[ERROR] com.ca.siteminder.rpc.rpc.ClientDispatcher [] - fault ServerException([sm-xpsxps-01080] : Error occurred during "Add" for "xpsNumber=1003961883,ou=XPS,ou=policysvr4,ou=siteminder,ou=netegrity,dc=siteminder", text: Object class violation : ) object.create 'Certificate'
[ERROR] com.ca.fedpki.api.remote.FedPkiKeyStore [] - **ERROR** java.io.IOException commiting keystore change for alias <alias name>. java.io.IOException: Exception occurred while adding a certificate to the Certificate Data Store. Exception Message: Failed creating object of class Certificate.
Customer reported this error in the Policy Store (IBM Directory Server 6.4). in ibmsldap.log pointing the length of the XPSPROPERTY attribute being the limiting factor.
ibmsldap.log:
2021-11-30T13:52:33.415294-5:00 GLPRDB069E Attribute XPSPROPERTY has a maximum value length of 240. Current attribute value is of length 2011.
Resolution
Increasing the value to a higher number (4000), in the IBM Directory console resolved the issue.
(NOTE: Currently we have only seen this issue on systems that are using IBM Directory as a policy store.)
Feedback
