During an import of a custom TrustStore, an Internal Server Error occurs.
This is what I am seeing in the relevant Tomcat localhost log:
18 Jul 2023 09:50:10,811- Thread: 119 SEVERE [com.symantec.dlp.enforcedomainservices.certificatemanagement.DLPCertificateManager] Failed to add DLP Root CA cert to truststore. Error:mark/reset not supported
18 Jul 2023 09:50:10,812- Thread: 119 SEVERE [com.symantec.dlp.enforcedomainwebapi.resources.certificatemanagement.CertificateManagementController] Failed to create Certificate : com.symantec.dlp.enforcedomainservices.certificatemanagement.DLPCertificateException: Failed to add DLP Root CA cert to truststore. Error:mark/reset not supported
Release : 16.0
This issue only affects imports of large truststores that contain many certificates. When a truststore file is imported, "ThresholdingOutputStream" decides, based on the file's size, which underlying stream type to use: ByteArrayInputStream for a small JKS and FileInputStream for a larger one. After certificate validation, a reset to the stream's mark is attempted, but FileInputStream does not support mark/reset, whereas ByteArrayInputStream does.
This will be resolved in an upcoming product release and in a hotfix for DLP 16 RU1, which will be made available on the support.broadcom.com portal.
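The stream behaviour behind the "mark/reset not supported" error can be reproduced with the JDK classes alone. The following is an added example, not Symantec DLP code and not the vendor's fix; the class name, the readTwice helper and the sample file are assumptions made for illustration (Java 9 or later).

```java
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;

public class MarkResetDemo {

    // Hypothetical stand-in for "validate the certificates, then rewind and load":
    // reads the stream to the end, rewinds to the mark, and reads it a second time.
    static String readTwice(InputStream in, int readLimit) {
        try (in) {
            String support = "markSupported=" + in.markSupported() + ", ";
            in.mark(readLimit);                  // silently ignored if marks are unsupported
            int firstPass = in.readAllBytes().length;
            in.reset();                          // InputStream's default reset() throws IOException
            int secondPass = in.readAllBytes().length;
            return support + "read " + firstPass + " then " + secondPass + " bytes";
        } catch (IOException e) {
            return "IOException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data standing in for a large truststore file (not a real JKS).
        byte[] data = new byte[64 * 1024];
        Path file = Files.createTempFile("truststore-demo", ".bin");
        Files.write(file, data);

        // One byte more than the content, so the read that detects end-of-stream
        // does not push BufferedInputStream past its mark limit.
        int limit = data.length + 1;

        System.out.println("in-memory stream: "
                + readTwice(new ByteArrayInputStream(data), limit));
        System.out.println("file stream:      "
                + readTwice(new FileInputStream(file.toFile()), limit));
        System.out.println("buffered wrapper: "
                + readTwice(new BufferedInputStream(new FileInputStream(file.toFile())), limit));

        Files.delete(file);
    }
}
```

The buffered wrapper holds the whole file in memory up to the mark limit; reopening the file for the second pass avoids that cost for very large stores.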