Home Forums CA Single Sign-On Getting exception in WAMUI while trying to view certificate list

Tagged: 

This topic contains 4 replies, has 2 voices, and was last updated by  ujwols 8 months, 3 weeks ago.

  • Author
    Posts
  • #626

    Dhilip
    Participant

    Hi Ujwol,

    When I click on Infrastructure –> X509 Certificate Management –> Trusted Certificates and Private Keys. I am getting the following error message:
    “Error: System exception trying to load keystore entries. java.io.IOException: One or more exceptions trying to commit keystore changes. Please consult the logs.”

    While checking the server.log file, I have noticed below lines.
    <<
    2018-05-29 10:22:16,850 WARN [com.ca.fedpki.api.remote.FedPkiKeyStore] (*****) **WARNING** Alias ***1** found in XPS store with no matching smkeydatabase entry. Some key operations might fail.
    2018-05-29 10:22:17,199 ERROR [com.ca.fedpki.api.remote.FedPkiKeyStore] (*****) **ERROR** com.ca.fedxps.api.remote.FedXPSException commiting keystore change for alias ***2**.
    com.ca.fedxps.api.remote.FedXPSException: com.ca.federation.client.XPSException: Cannot Parse the Request. : CA : xpssvc : sm-xpssvc-00770
    at com.ca.fedxps.api.remote.FedXPSObjectStore.create(FedXPSObjectStore.java:283)

    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:662)
    Caused by: com.ca.federation.client.XPSException: Cannot Parse the Request. : CA : xpssvc : sm-xpssvc-00770
    at com.ca.federation.client.XPSHandle.manageObjects(XPSHandle.java:316)
    at com.ca.fedxps.api.remote.FedXPSObjectStore.create(FedXPSObjectStore.java:274)
    … 125 more
    2018-05-29 10:22:17,212 ERROR [com.ca.federation.adminui.backingbean.keystore.KeyStoreBean] (*****) **ERROR** java.io.IOException during UI operation.
    java.io.IOException: One or more exceptions trying to commit keystore changes. Please consult the logs.
    at com.ca.fedpki.api.remote.FedPkiKeyStore.engineStore(FedPkiKeyStore.java:365)
    ..
    at java.lang.Thread.run(Thread.java:662)
    >>

    Could you please let me know how to troubleshoot and fix this issue?

    Regards,
    Dhilip

  • #628

    Dhilip
    Participant

    Ujwol,

    The above issue has been resolved after removing certificate with alias ***2**. May I know what are the validations which will be performed beacuse I could see other certificate with the same Subject and Issuer but with different Serial number and Validity. Will it check for unique Issuer?

  • #631

    ujwols
    Keymaster

    As long as the serial number is different I believe it should allow certs with same subject, same issuer is definitely allowed.

    Looking at the error it seem to indicate policy store related error. Were both the certs imported via Admin UI?

  • #645

    Dhilip
    Participant

    Ujwol,

    Thanks for your response. Certificates were imported using snkeytool. Also, please ignore the below warning(for this issue), as this is completely different certificate (not those two which i was talking about).
    <<
    2018-05-29 10:22:16,850 WARN [com.ca.fedpki.api.remote.FedPkiKeyStore] (*****) **WARNING** Alias ***1** found in XPS store with no matching smkeydatabase entry. Some key operations might fail.
    >>

  • #651

    ujwols
    Keymaster

    ok. then the error “Error: System exception trying to load keystore entries. java.io.IOException: One or more exceptions trying to commit keystore changes. Please consult the logs.””

    is pretty generic error. I am not sure what went wrong. Probably turning the debug logging for Jboss would have given more hints.

    It is normally recommended to import the cert via wamui.

You must be logged in to reply to this topic.