Adding TrustStore to Enforce provokes an Internal Server Error
Article ID: 273437
Updated On:
Products
Issue/Introduction
During an import of a custom TrustStore, an Internal Server error occurs, as per below:
This is what I am seeing in the relevant tomcat localhost log:
|
18 Jul 2023 09:50:10,811- Thread: 119 SEVERE [com.symantec.dlp.enforcedomainservices.certificatemanagement.DLPCertificateManager] Failed to add DLP Root CA cert to truststore. Error:mark/reset not supported 18 Jul 2023 09:50:10,812- Thread: 119 SEVERE [com.symantec.dlp.enforcedomainwebapi.resources.certificatemanagement.CertificateManagementController] Failed to create Certificate : com.symantec.dlp.enforcedomainservices.certificatemanagement.DLPCertificateException: Failed to add DLP Root CA cert to truststore. Error:mark/reset not supported |
Environment
Release : 16.0
Cause
This issue only impacts imports of large trust stores with many certificates. When a truststore file is imported, based on its size "ThresholdingOutputStream" decides which underlying streamtype to use, for small size jks it uses "bytearrayinputstream" and for bigger it uses "fileinputstream". After cert validation, a reset mark on stream is attempted, but that method is not supported for fileinputstream, unlike bytearrayinputstream where it is.
Resolution
This will be resolved in an upcoming product release and a hotfix for DLP 16 RU1 which will be made available on support.broadcom.com portal.
Feedback
