Symantec Identity Suite - trusted.pem contains old certs - Services stuck starting during deployment


Article ID: 251971

Products

CA Identity Suite, CA Identity Manager

Issue/Introduction

Adding or removing nodes that run the CA Directory application within Symantec Identity Suite / Virtual Appliance does not clean up old certs in trusted.pem. The stale entries cause services to become stuck in the starting state during deployment.

 

Environment

Release: 14.4

Resolution

su - dsa
dxcertgen listca

Once you have the list, remove the certs that are no longer valid.


dxcertgen -r "invalidcert#" removeca
Example:

dxcertgen -r 5 removeca

Remove one cert at a time, because the cert numbers change after each removal.

Run 'dxcertgen listca' after each removal.

Example:

dxcertgen listca
dxcertgen -r 2 removeca
dxcertgen listca
dxcertgen -r 2 removeca
dxcertgen listca
dxcertgen -r 5 removeca
dxcertgen listca
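
To help decide which entries are stale before removing them, the certificates in the bundle can be inventoried with openssl. This is an added example, not part of the original article or the product: `split_bundle` and `list_bundle` are hypothetical helper names and the bundle path is whatever you pass in. The position printed is the order in the file, which is assumed but not confirmed to match the numbers from `dxcertgen listca`, so match entries on subject or fingerprint.

```bash
# Added example, not vendor code. The bundle path is passed as an argument
# because the article does not state where trusted.pem is stored.

# Split a PEM bundle into cert-1.pem, cert-2.pem, ... under directory $2,
# in file order, and print how many certificates were found.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }
    ' "$1"
}

# For each certificate print: position, state, notAfter, SHA-256 fingerprint, subject.
# state is valid, EXPIRED, DUPLICATE (fingerprint already seen; takes precedence)
# or UNPARSEABLE (openssl could not read the block).
list_bundle() {
    tmp=$(mktemp -d) || return 1
    count=$(split_bundle "$1" "$tmp")
    seen=""
    i=1
    while [ "$i" -le "$count" ]; do
        f="$tmp/cert-$i.pem"
        if ! openssl x509 -in "$f" -noout >/dev/null 2>&1; then
            printf '%s\tUNPARSEABLE\n' "$i"
        else
            fp=$(openssl x509 -in "$f" -noout -fingerprint -sha256); fp=${fp#*=}
            end=$(openssl x509 -in "$f" -noout -enddate); end=${end#*=}
            subj=$(openssl x509 -in "$f" -noout -subject); subj=${subj#*=}
            state=valid
            # -checkend 0 exits non-zero when notAfter is already in the past
            openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1 || state=EXPIRED
            case " $seen " in *" $fp "*) state=DUPLICATE ;; esac
            seen="$seen $fp"
            printf '%s\t%s\t%s\t%s\t%s\n' "$i" "$state" "$end" "$fp" "$subj"
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
}

# Usage: list_bundle /path/to/trusted.pem
```

A cert that belonged to a removed node can still be within its validity period, so `valid` here only means "not expired"; use the subject to tell which node an entry came from.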

Additional Information

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/administrating/tools-to-manage-ca-directory/dxtools/dxcertgen-tool-generate-and-work-with-certificates.html

This issue is planned to be fixed in 14.4.2.