The customer is unable to import the cert/key pair and gets the error below in the Admin UI logs.
2022-05-12 12:22:25,676 [ERROR] com.ca.siteminder.rpc.rpc.ClientDispatcher [] - fault ServerException([sm-xpsxps-00540] : Previous error occurred on object "CA.CDS::Certificate@########" : ) object.create 'Certificate'
2022-05-12 12:22:25,704 [ERROR] com.ca.fedpki.api.remote.FedPkiKeyStore [] - **ERROR** java.io.IOException commiting keystore change for alias <Certificate Alias>
java.io.IOException: Exception occurred while adding a certificate to the Certificate Data Store. Exception Message: Failed creating object of class Certificate.
at com.ca.siteminder.security.SMKeyDatabaseStore.store(Unknown Source) ~[fedsecurity.jar:?]
at com.ca.fedpki.api.remote.FedPkiKeyStore.engineStore(Unknown Source) ~[fedremoteapi.jar:?]
at java.security.KeyStore.store(KeyStore.java:1406) ~[?:1.8.0_212]
at com.ca.federation.adminui.backingbean.keystore.KeyStoreImportBean.finish(KeyStoreImportBean.java:297) ~[fedmgr.jar:?]
at sun.reflec
Release: All Policy Server versions
Component: SITEMINDER - POLICY SERVER
Policy store: RDBMS
Because the RDBMS database has a 4000-character limit, the Policy Server is unable to commit the cert/key pair data to the policy store.
There is no such limitation with an LDAP policy store, and the same cert/key pair works fine with LDAP policy stores.
Resolution steps
This is not a SiteMinder issue but rather an RDBMS limitation of 4000 characters. This has been updated in the product documentation linked below.
The customer needs to increase the RDBMS character length, as per the documentation of their DB, to import the certificate/key pair into the policy store.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/product-limitations/policy-server-product-limitations.html#concept.dita_5474047bbd6c7878dbac85ed12af0e375b07e1d6_PolicyServerLimitations