Invalid Keystore format when trying to create a API Gateway endpoint
search cancel

Invalid Keystore format when trying to create a API Gateway endpoint

book

Article ID: 233101

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

When trying to create a new SCIM Endpoint using Provisioning Manager we are getting an error, "Failed to Load Keystore: Invalid Keystore Format":

This error occurs every time we try to save it regardless of the format of the certificate. 

The connector server logs shows:

21/01/2022 12:37:50: :ETA_E_0003<ADI>, Endpoint '<Endpoint_name>' creation failed: Connector Server Add failed: code 53 (UNWILLING_TO_PERFORM): failed to add entry eTDYNDirectoryName=<endpoint>,eTNamespaceName=<endpoint_name>,dc=im,dc=etasa: [email protected]: SCIM: peer not authenticated (ldaps://10.0.0.2:20411) 

 

Trying to add the certificate to the keystore /ConnectorServer/jcs/conf/ssl.keystore directly also throws an error about the cert being the incorrect format:

java.lang.Exception: Failed to load keystore: Invalid keystore format
 at com.ca.jcs.certificate.CertificateBundleListener.loadKeyStore(CertificateBundleListener.java:281)[132:com.ca.jcs.certificate.bundlelistener:1.1.0.20211111]
 at com.ca.jcs.certificate.CertificateBundleListener.install(CertificateBundleListener.java:147)[132:com.ca.jcs.certificate.bundlelistener:1.1.0.20211111]
...
 at com.ca.jcs.certificate.CertificateBundleListener.loadKeyStore(CertificateBundleListener.java:276)[132:com.ca.jcs.certificate.bundlelistener:1.1.0.20211111]
 ... 56 more

 

Environment

Release : 14.4

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

This seemed to be an odd problem at the browser.  Changing to 'INCOGNITO' mode in the browser allowed the certificate to be imported and the SCIM endpoint to be created. 

If you encounter this try using 'INCOGNITO' mode or an entirely different browser.