Seeing "Failed creating object of class Certificate" when trying to import a new certificate via the AdminUI or command line
search cancel

Seeing "Failed creating object of class Certificate" when trying to import a new certificate via the AdminUI or command line

book

Article ID: 385323

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

The customer was trying to import a new certificates into their environments. All were successful except for one specific environment. 

Using the AdminUI or smkeytool both logged the same error: Failed creating object of class Certificate

The AdminUI also displayed an error: One or more exceptions trying to commit keystore changes. Please consult logs.

As noted, the same certificate worked in other environments and the support lab.

Environment

Policy Server 12.8.7

AdminUI 12.8.7

Policy Store Oracle DB

Cause

When comparing the server configurations, in the System DSN configuration for the Oracle Policy Store, under Advanced, this Extended Option was missing:

EnableNcharSupport=0

Resolution

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading/in-place-upgrade/upgrade-policy-server.html

Update DSN Configuration for Policy Store on Oracle
If your Policy Server connects to an existing Oracle Policy Store, update the Policy Store DSN to avoid certificate import failures.
 
On Windows, perform the following steps:
  • Click 
    Start
     and navigate to 
    Programs
    Administrative Tools
    .
  • Open 
    ODBC Data Sources (64-bit)
    .
  • Click the 
    System DSN
     tab in the 
    ODBC Data Source Administrator (64-bit)
     dialog.
  • Open the existing policy store data source in the 
    System Data Sources
     section.
  • Click the 
    Advanced
     tab in the 
    ODBC Oracle Wire Protocol Driver Setup
     dialog.
  • Enter the following value in the 
    Extended Options
     field:
    EnableNcharSupport=0
  • Click 
    OK
     and 
    OK
    .
    On Linux, perform the following steps:
     
    • Open the system_odbc.ini file.
    • Locate the Policy Store DSN entry and add the following line in that section:
      EnableNCharSupport=0
      Note:
       For new Policy Store installations, this configuration is added by default.
    • Save the file.

    Additional Information