Siteminder Policy Server Upgrade Error - "SmCertDBMigrate utility execution failed"
Article ID: 391546
Updated On:
Products
Issue/Introduction
While performing an in-place upgrade of the SiteMinder Policy Server, the following error is returned during installation:
===========================================================
SmCertDBMigrate utility execution failed
----------------------------------------
SmCertDBMigrate utility, which exports all certificates from Netscape
Certificate Database File to trusted.pem, failed with the following error:
COMMAND: sh <install_dir>/tmp/xxxxxxx.tmp/RunSmCertDBMigrate.shSTDERR: <Siteminder_home>/bin/SmCertDBMigrate.sh: line 66: dos2unix:
command not found
STDOUT: Certificate Nickname <Nick_name>
Attributes
SSL,S/MIME,JAR/XPI
<ROOT_CERT_NAME> C,,
export <ROOT_CERT_NAME> certificate
RETURN: 127
PRESS <ENTER> TO ACCEPT THE FOLLOWING (Continue):
Installation Complete
---------------------
Congratulations. Symantec SiteMinder Policy Server has been successfully
installed to:
<Siteminder_home>
--------------------------
OS :<OS_NAME>
===========================================================
The following is printed to the "Symantec_SiteMinder_Policy_Server_Install_<MM>_<DD>_<YYYY>_<hh>_<mm>_<ss>.log" file:
===========================================================
Summary
-------
Installation: Successful with errors.
4913 Successes
0 Warnings
1 NonFatalErrors
0 FatalErrors
....
Executable command: sh /logs/tmp/731274.tmp/RunSmCertDBMigrate.sh
STDOUT:
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
<Cert_name_1>_Root_CA C,,
<Cert_name_2>_2024.cer C,,
export <Cert_name_1>_CA certificate
export <Cert_name_2>.cer certificate
STDERR: <Siteminder_home>/bin/SmCertDBMigrate.sh: line 66: dos2unix: command not found
RETURN_VALUE: 127
===========================================================
Environment
Siteminder release: 12.9
Component: Policy Server
OS: Linux
Cause
SmCertDBMigrate utility exports all certificates from the Netscape Certificate Database to the file "trusted.pem"
Here are the key points that the 'SmCertDBMigrate.sh' is doing:
1) Setting the variable for 'outputfile'.
outputFile="$NETE_PS_ROOT/config/trusted.pem"
2) Running 'certutil' and piping the output to output file
certutil -L -d $certDBPath -n "$line" -a >> "$outputFile"
3) Running 'dos2unix' against the 'outputfile' if script is successful
line 66: dos2unix "$outputFile"
NOTE: Line 62 also runs 'dos2unix' as part of an 'if' statement, however that is part of a condition of a failure. Seeing the error in line 66, means that the "if" statement did not get triggered.
The issue is that the last step needs to run 'dos2unix' against the 'trusted.pem' file that is created during the migration process. The file was created successfully, however the 'dos2unix' step fails because either 'dos2unix' is not installed on the Linux host where the Policy Server is being installed/upgraded, or it is not sourced properly and the path cannot be found.
A Windows file uses a Carriage Return (designated as ) and a Line Feed (designated as \n) . Linux only uses a Line Feed. When a file contains both, Linux has problems reading the file properly. You can usually see the problem on a Linux host by opening the file with VIM. If you see the ^M character at the end of each line, then it contains both the CR and LF line breaks.
You can use VIM to open the 'trusted.pem' to see if there is the ^M character at the end of one or more lines. If this file is being used on a Linux host, then the windows carriage return (CR) needs to be removed. This can be done with 'dos2unix'.
Resolution
1) Download and install 'dos2unix' on the Policy Server host.
2) Run 'dos2unix' against the 'trusted.pem' file.
dos2unix <Install_Dir>/<path>/trusted.pem
Feedback
