
Importing certificate to SPkey store not working in ArcotAFM application for SAML integration


Article ID: 241728




CA Strong Authentication CA Advanced Authentication


Importing a certificate into the SP key store does not work. The following error appears in arcotafm.log:

2022-05-13 12:23:20,694 [https-openssl-apr-8443-exec-5] DEBUG saml.util.CredentialCreator(29)  -> Loading key store file from the location : /samlcerts/SP.truststore
2022-05-13 12:23:20,694 [https-openssl-apr-8443-exec-5] DEBUG saml.util.ResourceLoader(26)  -> Loaded resource /samlcerts/SP.truststore from local classpath
2022-05-13 12:23:20,694 [https-openssl-apr-8443-exec-5] ERROR saml.util.ArcotSAMLutil(110)  -> Certificate could not be loaded from Service Provider trust store configured : Invalid keystore format
2022-05-13 12:23:20,710 [https-openssl-apr-8443-exec-5] ERROR integrations.frontend.LifeCycleStateData(704)  -> 707024080: SAML Utility initialization failed.: java.lang.ExceptionInInitializerError (ProcessSAMLRequestTask) |665f69a6640587faec1a7f49c3c3651f97958fda


Release : 9.1

Component : Strong Authentication

CA Adapter


The log file shows the error "Invalid keystore format". Listing the contents of the truststore with the keytool command showed that the keystore format was PKCS12; it needs to be in "jks" format. The issue occurred because AdoptOpenJDK version 17 was used to generate the keystore, and it defaulted to PKCS12.

Downgrading the Java version to 1.8 and recreating the truststore resolved the certificate error.
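
The format mismatch described above can be confirmed from the first bytes of the truststore file before it is deployed. The following is an added example, not code from the product or the original article; the function names and sample headers are constructed for illustration, and it assumes the standard JKS/JCEKS magic numbers and the ASN.1 layout of a PKCS12 file.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # magic number at the start of a JKS file
JCEKS_MAGIC = 0xCECECECE  # magic number at the start of a JCEKS file

def keystore_format(header: bytes) -> str:
    """Classify a keystore from its first bytes: JKS, JCEKS, PKCS12 or unknown."""
    if len(header) >= 8:
        magic, version = struct.unpack(">II", header[:8])
        if version in (1, 2):
            if magic == JKS_MAGIC:
                return "JKS"
            if magic == JCEKS_MAGIC:
                return "JCEKS"
    # PKCS12 is ASN.1: SEQUENCE (0x30), a length field, then INTEGER version 3.
    if len(header) >= 2 and header[0] == 0x30:
        first = header[1]
        # Short form is one byte; long form (0x80 | n) is followed by n length
        # bytes; 0x80 alone is the BER indefinite-length marker.
        pos = 2 if first <= 0x80 else 2 + (first & 0x7F)
        if header[pos:pos + 3] == b"\x02\x01\x03":
            return "PKCS12"
    return "unknown"

def check_truststore(path: str, expected: str = "JKS") -> bool:
    """Read the header of the file at `path` and compare its format with `expected`."""
    with open(path, "rb") as fh:
        found = keystore_format(fh.read(16))
    print(f"{path}: {found} (expected {expected})")
    return found == expected

# Constructed sample headers, not taken from a real keystore.
SAMPLE_JKS = struct.pack(">III", JKS_MAGIC, 2, 1)          # magic, version 2, one entry
SAMPLE_PKCS12 = bytes.fromhex("30820a2e020103") + b"\x30"  # SEQUENCE, 2-byte length, version 3
SAMPLE_PKCS12_BER = bytes.fromhex("3080020103")            # indefinite-length variant
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----"                # a PEM file is not a keystore

if __name__ == "__main__":
    for name, data in [("jks", SAMPLE_JKS), ("pkcs12", SAMPLE_PKCS12), ("pem", SAMPLE_PEM)]:
        print(name, "->", keystore_format(data))
```

Calling `check_truststore` on the deployed truststore file returns `False` when the file was written as PKCS12, which is the condition behind the "Invalid keystore format" error in the log.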