Symantec Directory : Regenerating self-signed certs with dxcertgen command line tool fails.
Article ID: 251184


Products

CA Directory

Issue/Introduction

An attempt to regenerate the self-signed certs may fail with the following error:

[dsa@hostname ~]$ dxcertgen certs
Setting root certificate and public/private keys for signing...
! Exporting certificate 'dxcertgen' from /opt/CA/Directory/dxserver/config/ssld/javakeystores/cacerts...
! alias 'dxcertgen' not found
Generating public and private key pair...
! Generating key pair for 'dxcertgen' in /opt/CA/Directory/dxserver/config/ssld/javakeystores/cacerts...
Error: keytool error: java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SESSION_READ_ONLY


Error: keytoolGenerateKeyPair() failed
Error: generateKeyPair() failed
Error: setRootCertAndKeyPair() failed
Segmentation fault (core dumped)
[dsa@hostname ~]$

Environment

Release : 14.1

Component : CA Directory

Resolution

This could be related to JAVA_HOME being set for the 'dsa' user.
For example, as the 'dsa' user, run the 'env' command from the system prompt; the output will include something like the line below:

JAVA_HOME=/usr/lib/jvm/java-1.8.0

The solution is to:

1. Temporarily unset the JAVA_HOME variable for the 'dsa' user account.
2. Re-run the 'dxcertgen certs' command.
3. After successful execution, you can reintroduce JAVA_HOME into the environment.
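
The three steps above as one wrapper, given here as an added example that is not part of the original article or the product. It hides JAVA_HOME from dxcertgen only, so nothing has to be restored afterwards, and it checks the output for the error from the transcript. The function names and the --run switch are hypothetical; dxcertgen is assumed to be on the dsa user's PATH.

```sh
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.

# Run "$@" in a subshell with JAVA_HOME unset; the caller's JAVA_HOME is untouched.
run_without_java_home() {
    ( unset JAVA_HOME; "$@" )
}

# Return 0 if the captured output file contains the PKCS#11 error from the article.
has_readonly_session_error() {
    grep -q 'CKR_SESSION_READ_ONLY' "$1"
}

# Regenerate the certs with JAVA_HOME hidden, show the output, report the outcome.
# Assumption: dxcertgen is on PATH for the dsa user, as in the article's transcript.
regen_certs() {
    log=$(mktemp) || return 1
    if [ -n "${JAVA_HOME:-}" ]; then
        echo "JAVA_HOME=$JAVA_HOME is set; hiding it from dxcertgen for this run only"
    fi
    run_without_java_home dxcertgen certs >"$log" 2>&1 && rc=0 || rc=$?
    cat "$log"
    if has_readonly_session_error "$log"; then
        echo "dxcertgen still reported CKR_SESSION_READ_ONLY" >&2
        rc=1
    fi
    rm -f "$log"
    return "$rc"
}

# Only act when asked to, e.g.:  sh regen_certs.sh --run   (as the dsa user)
if [ "${1:-}" = "--run" ]; then
    regen_certs
fi
```

A non-zero exit status means dxcertgen failed or the CKR_SESSION_READ_ONLY message was still present in its output.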