Error: CertificateDataStore [ERROR] X509CertificateCache.run()

Article ID: 230821


Updated On:

Products

SITEMINDER

Issue/Introduction

 

After implementing the Option 2 fix listed in the log4j advisory referenced below (1), some errors related to the Certificate Data Store can be seen once the log4j patch is installed:

   [Dec 14 2021 13:24:13,207] CertificateDataStore [ERROR] X509CertificateCache.run():  Exception occurred during cache update:  must be BG.
   java.lang.RuntimeException: must be BG
    at com.ca.siteminder.rpc.rpc.Dispatcher.processV2(Unknown Source) ~[smrpc.jar:?]
    at com.ca.siteminder.rpc.rpc.ClientDispatcher.trycall(Unknown Source) ~[smrpc.jar:?]
    at com.ca.siteminder.rpc.rpc.ClientDispatcher.calledImpl(Unknown Source) ~[smrpc.jar:?]
    at com.ca.siteminder.rpc.rpc.ClientDispatcher.called(Unknown Source) ~[smrpc.jar:?]
    at com.ca.siteminder.rpc.rpc.ServiceProxy.invoke(Unknown Source) ~[smrpc.jar:?]
    at com.sun.proxy.$Proxy18.PolicyData_search1(Unknown Source) ~[?:?]
    at com.ca.siteminder.sdk.adminapi.XPSBase.search(Unknown Source) ~[smadminapi.jar:?]
    at com.ca.siteminder.sdk.adminapi.XPSBase.search(Unknown Source) ~[smadminapi.jar:?]
    at com.netegrity.smkeydatabase.db.xps.X509CertificateCache.getXPSCertificateData(X509CertificateCache.java:1034) ~[smkeydatabase.jar:?]
    at com.netegrity.smkeydatabase.db.xps.X509CertificateCache.updateCache(X509CertificateCache.java:2101) ~[smkeydatabase.jar:?]
    at com.netegrity.smkeydatabase.db.xps.X509CertificateCache.run(X509CertificateCache.java:1241) [smkeydatabase.jar:?]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_265]
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_265]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_265]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_265]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_265]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_265]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_265]

Environment

 

Policy Server 12.8SP3 on RedHat 7

 

Cause

 

This is a very common exception that can occur during the Certificate Cache update.

The X509CertificateCache updater thread fetches data from the Policy Server (Policy Server cache) through the admin API (see the PolicyData_search1 call in the exception). If, for any reason, the Policy Server is not reachable during this time, or the X509CertificateCache updater thread is unable to contact the Policy Server through RPC calls, the admin API throws an exception. That exception is caught by the X509CertificateCache thread and printed as a log message.

 

Resolution

 

This error message can be ignored and it has no impact on the Policy Server runtime.
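For log review, the known entry can be separated from other Certificate Data Store errors so that only the latter need attention. The following is an added example, not part of the original article or of SiteMinder: the header layout is taken from the log entry quoted above, while the function names and the sample lines marked as constructed are assumptions.

```python
import re

# Header layout taken from the log entry quoted in this article:
# [Dec 14 2021 13:24:13,207] CertificateDataStore [ERROR] X509CertificateCache.run(): ...
HEADER = re.compile(r"^\s*\[(?P<ts>\w{3} \d{1,2} \d{4} [\d:,]+)\] "
                    r"(?P<comp>\S+) \[(?P<level>\w+)\] (?P<msg>.*)$")

def parse_entries(text):
    """Group each header line with the stack-trace lines that follow it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "trace": []})
        elif entries and line.strip():
            entries[-1]["trace"].append(line.strip())
    return entries

def is_known_cache_update_error(entry):
    """True only for the exact signature described in this article."""
    trace = "\n".join(entry["trace"])
    return (entry["comp"] == "CertificateDataStore"
            and entry["level"] == "ERROR"
            and entry["msg"].startswith("X509CertificateCache.run()")
            and "java.lang.RuntimeException: must be BG" in trace
            and "PolicyData_search1" in trace)

def triage(text):
    """Split ERROR entries into (known cache-update errors, everything else)."""
    errors = [e for e in parse_entries(text) if e["level"] == "ERROR"]
    known = [e for e in errors if is_known_cache_update_error(e)]
    other = [e for e in errors if not is_known_cache_update_error(e)]
    return known, other

# Constructed sample: the first entry is abbreviated from the article,
# the other two entries are made up for illustration.
SAMPLE = """\
   [Dec 14 2021 13:24:13,207] CertificateDataStore [ERROR] X509CertificateCache.run():  Exception occurred during cache update:  must be BG.
   java.lang.RuntimeException: must be BG
    at com.sun.proxy.$Proxy18.PolicyData_search1(Unknown Source) ~[?:?]
    at com.netegrity.smkeydatabase.db.xps.X509CertificateCache.run(X509CertificateCache.java:1241) [smkeydatabase.jar:?]
   [Dec 14 2021 13:29:13,311] CertificateDataStore [ERROR] constructed: a different failure
   java.lang.IllegalStateException: constructed example
   [Dec 14 2021 13:30:00,002] CertificateDataStore [INFO] constructed: informational line
"""

if __name__ == "__main__":
    known, other = triage(SAMPLE)
    print(f"known cache-update errors: {len(known)}")
    for e in other:
        print(f"needs review: [{e['ts']}] {e['comp']} {e['msg']}")
```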

 

Additional Information

 

(1) CVE-2021-44228: SiteMinder Resolution to the Log4j Vulnerability