When importing a certificate in the SiteMinder Admin UI, the user gets this error message:
YYYY-mm-dd 13:51:21,903 [ERROR] com.ca.federation.adminui.backingbean.keystore.KeyStoreImportBean [] - **ERROR** com.netegrity.smkeydatabase.db.SmCertificateDataStoreException during UI operation.
com.netegrity.smkeydatabase.db.SmCertificateDataStoreException: Error occurred while adding private key and certificate details to the Certificate Data Store. An exception occurred while adding private key and certificate to the Certificate Data Store. Exception Message: Multiple CA certificates exist for issuer C=xx,O=xx,OU=xxxxxxxxx...
The same certificate and private key were imported successfully in another environment.
The command line "smkeytool.sh -addPrivKey" gives the same error.
Release : 12.8.07
Run "smkeytool.sh -listcerts", which gives the full list of certificates and keys inside the Certificate Data Store (CDS).
There are 3 types:
The CDS already contains multiple certificates with the exact same issuer C=xx,O=xx,OU=xxxxxxxxx...
When a certificate and private key pair is imported, SiteMinder locates the issuer certificate, which is a CertificateAuthorityEntry, and SiteMinder allows only one CertificateAuthorityEntry from the exact same issuer.
"Multiple CA certificates exist" refers to multiple certificate authority (CA) certificates.
The resolution is to remove the extra certificate authority (CA) certificate that has the exact same issuer C=xx,O=xx,OU=xxxxxxxxx...
Once there is only one CertificateAuthorityEntry with the issuer name C=xx,O=xx,OU=xxxxxxxxx..., the import works.
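To find which entries collide before retrying the import, the listing can be grouped by issuer. The script below is an added example, not Broadcom's code: it assumes each entry in the "smkeytool.sh -listcerts" output carries "Alias:", "Type:" and "Issuer:" lines (the labels are an assumption to adjust to the real output), and the sample listing, its aliases and the KeyEntry type are constructed.

```shell
# Added example. Reads a certificate listing on stdin and reports every issuer
# that is carried by more than one CertificateAuthorityEntry.
# ASSUMPTION: entries print "Alias:", "Type:" and "Issuer:" lines; a new
# "Alias:" line or a blank line ends the previous entry. Other lines are ignored.
find_duplicate_ca_issuers() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function commit() {
        if (type == "CertificateAuthorityEntry" && issuer != "") {
            count[issuer]++
            aliases[issuer] = (aliases[issuer] == "" ? alias : aliases[issuer] ", " alias)
        }
        alias = type = issuer = ""
    }
    /^[ \t]*Alias:/  { commit(); sub(/^[ \t]*Alias:/, ""); alias = trim($0); next }
    /^[ \t]*Type:/   { sub(/^[ \t]*Type:/, "");   type   = trim($0); next }
    /^[ \t]*Issuer:/ { sub(/^[ \t]*Issuer:/, ""); issuer = trim($0); next }
    /^[ \t\r]*$/     { commit(); next }
    END {
        commit()
        for (i in count)
            if (count[i] > 1)
                printf "%d CertificateAuthorityEntry for issuer [%s]: %s\n", count[i], i, aliases[i]
    }'
}

# Constructed sample listing (hypothetical aliases and DNs, not real output).
sample_listing() {
    cat <<'EOF'
Alias: rootca-old
Type: CertificateAuthorityEntry
Subject: CN=Example Root,OU=example-root,O=xx,C=xx
Issuer: C=xx,O=xx,OU=example-root

Alias: rootca-new
Type: CertificateAuthorityEntry
Issuer: C=xx,O=xx,OU=example-root

Alias: otherca
Type: CertificateAuthorityEntry
Issuer: C=xx,O=xx,OU=other-root

Alias: sp-signing
Type: KeyEntry
Issuer: C=xx,O=xx,OU=example-root
EOF
}

sample_listing | find_duplicate_ca_issuers
```

Against a live system the input would be piped from "smkeytool.sh -listcerts" instead of the sample; the match on the issuer string is exact apart from surrounding whitespace.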