
Error: System error trying to complete import in AdminUI certificate


Article ID: 253416


Products

SITEMINDER

Issue/Introduction

 

When importing a renewed certificate in the AdminUI, the browser returns the error:

  System error trying to complete import:One or more exceptions trying
  to commit keystore changes. Please consult the logs

 

Resolution

 

If two certificates have the same serial number and subject, they should have the same public key. If they do not, the Certificate Data Store cannot hold two different certificates with the same serial number, as required by RFC 5280 (1).

Policy Server identifies the certificates using the serial number and the subject.

When the public keys are different, the "Update Certificate" operation cannot be performed.

The only option left is to delete the former certificate and the new one.

Before deleting the certificate, export it to keep a copy.
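
A pre-import check for the condition described above, as an added example that is not part of the original article or of SiteMinder: it uses the OpenSSL command line to compare an existing and a renewed certificate by serial number, subject and public key. PEM input is assumed; the function names, file names, the subject `CN=sm.example.test` and the serial are constructed sample values.

```shell
#!/bin/sh
# Added example: compare an exported certificate with its renewal before import.

# Identity as the article describes it: serial number plus subject.
cert_identity() {
    openssl x509 -in "$1" -noout -serial -subject -nameopt RFC2253
}

# SHA-256 over the DER-encoded SubjectPublicKeyInfo, so keys compare by value.
cert_key_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Prints one of:
#   different-identity  serial number or subject differs
#   same-key            same serial and subject, same public key
#   key-conflict        same serial and subject, different public key
compare_renewal() {
    old=$1 new=$2
    if [ "$(cert_identity "$old")" != "$(cert_identity "$new")" ]; then
        echo different-identity
    elif [ "$(cert_key_hash "$old")" = "$(cert_key_hash "$new")" ]; then
        echo same-key
    else
        echo key-conflict
    fi
}

# Constructed sample data: self-signed test certificate with a fixed subject.
make_sample() {   # make_sample <key-file> <cert-file> <serial>
    [ -f "$1" ] || openssl genrsa -out "$1" 2048 2>/dev/null
    openssl req -x509 -new -key "$1" -out "$2" -days 30 \
        -subj "/CN=sm.example.test" -set_serial "$3" 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_sample "$dir/a.key" "$dir/old.pem" 4660
    make_sample "$dir/a.key" "$dir/renewed-same-key.pem" 4660
    make_sample "$dir/b.key" "$dir/renewed-new-key.pem" 4660
    compare_renewal "$dir/old.pem" "$dir/renewed-same-key.pem"
    compare_renewal "$dir/old.pem" "$dir/renewed-new-key.pem"
    rm -rf "$dir"
}
demo
```

A `key-conflict` result is the case this article covers: the renewed certificate reuses the serial number and subject with a different public key.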

 

Additional Information

 

(1)

    4.1.2.2.  Serial Number

       The serial number MUST be a positive integer assigned by the CA to
       each certificate.  It MUST be unique for each certificate issued by a
       given CA (i.e., the issuer name and serial number identify a unique
       certificate).  CAs MUST force the serialNumber to be a non-negative
       integer.

       Given the uniqueness requirements above, serial numbers can be
       expected to contain long integers.  Certificate users MUST be able to
       handle serialNumber values up to 20 octets.  Conforming CAs MUST NOT
       use serialNumber values longer than 20 octets.