Error: CertificateDataStore [ERROR]
search cancel

Error: CertificateDataStore [ERROR]


Article ID: 230821


Updated On:





Implementing the Option 2 fix as listed in the below advisory for log4j (1).

Some errors related to the Certificate Data Store can be seen once the log4j patch is installed:

   [Dec 14 2021 13:24:13,207] CertificateDataStore [ERROR]  Exception occurred during cache update:  must be BG.
   java.lang.RuntimeException: must be BG
    at Source) ~[smrpc.jar:?]
    at Source) ~[smrpc.jar:?]
    at Source) ~[smrpc.jar:?]
    at Source) ~[smrpc.jar:?]
    at Source) ~[smrpc.jar:?]
    at com.sun.proxy.$Proxy18.PolicyData_search1(Unknown Source) ~[?:?]
    at Source) ~[smadminapi.jar:?]
    at Source) ~[smadminapi.jar:?]
    at com.netegrity.smkeydatabase.db.xps.X509CertificateCache.getXPSCertificateData( ~[smkeydatabase.jar:?]
    at com.netegrity.smkeydatabase.db.xps.X509CertificateCache.updateCache( ~[smkeydatabase.jar:?]
    at [smkeydatabase.jar:?]
    at java.util.concurrent.Executors$ [?:1.8.0_265]
    at java.util.concurrent.FutureTask.runAndReset( [?:1.8.0_265]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301( [?:1.8.0_265]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ [?:1.8.0_265]
    at java.util.concurrent.ThreadPoolExecutor.runWorker( [?:1.8.0_265]
    at java.util.concurrent.ThreadPoolExecutor$ [?:1.8.0_265]
    at [?:1.8.0_265]



Policy Server 12.8SP3 on RedHat 7;




This is a very common exception that can come during the Certificate Cache update.

The X509CertificateCache updater thread trying to fetch data from the Policy Server (Policy Server cache) through admin API (see PolicyData_search1 call in exception) during this time for any reason if Policy Server is not reachable or the X509CertificateCache updater thread is unable to contact the Policy Server through RPC calls in such occurrences that admin API throws an exception, that exception will be caught by X509CertificateCache thread and prints in as log message. 




This error message can be ignored and it has no impact on the Policy Server runtime.


Additional Information



    CVE-2021-44228: SiteMinder Resolution to the Log4j Vulnerability