Observed "Failed creating object of class Certificate" when trying to import a new certificate via the AdminUI or command line?
Article ID: 385323
Updated On:
Products
Issue/Introduction
The customer was trying to import new certificates into their environments. All imports were successful except for one specific environment.
Using the AdminUI or smkeytool both logged the same error: Failed creating object of class Certificate
The AdminUI also displayed an error: One or more exceptions trying to commit keystore changes. Please consult the logs.
As noted, the same certificate worked in other environments and the support lab.
Environment
Environment: SITEMINDER -POLICY SERVER
Release: Applicable to all the supported releases
Cause
When comparing the server configurations, in the System DSN configuration for the Oracle Policy Store, under Advanced, this Extended Option was missing:
EnableNcharSupport=0
Resolution
Update DSN Configuration for Policy Store on Oracle
If your Policy Server connects to an existing Oracle Policy Store, update the Policy Store DSN to avoid certificate import failures.
- On Windows, perform the following steps:
- ClickStartand navigate toPrograms,Administrative Tools.
- OpenODBC Data Sources (64-bit).
- Click theSystem DSNtab in theODBC Data Source Administrator (64-bit)dialog.
- Open the existing policy store data source in theSystem Data Sourcessection.
- Click theAdvancedtab in theODBC Oracle Wire Protocol Driver Setupdialog.
- Enter the following value in theExtended Optionsfield:
- ClickOKandOK.
- Open the system_odbc.ini file.
- Locate the Policy Store DSN entry and add the following line in that section:Note:For new Policy Store installations, this configuration is added by default.
- Save the file.
Additional Information
Feedback
