Patrick-Dussault

Tech Tip : CA Single Sign-On : AdminUI :: Certificate : Attribute Format

Discussion created by Patrick-Dussault Employee on Dec 14, 2016

Issue :

 

When I insert a new Certificate in the Certificate Store using the AdminUI, the operation fails with error :

 

    16:53:56,349 ERROR [FedPkiKeyStore] **ERROR**
    java.security.cert.CertificateException commiting keystore
    change for alias infdsdbf01.

 

Caused by: com.rsa.certj.cert.NameException: PrintableString expected.How can I fix this ?

 

Environment :

 

AdminUI 12.52SP1

 

Cause :

 

The certificates fields format should respect the standards. In that use case, one of the certificate fields has different format as the one expected.

 

Restrictions of the RFC 5280 :

 

    -- Naming attributes of type X520SerialNumber

 

    id-at-serialNumber AttributeType ::= { id-at 5 }
    X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number))

 

    (http://www.ietf.org/rfc/rfc5280.txt)

 

 
Solution:

 

You have to set the serialNumber as PrintableString and not UTF8String to solve the issue.

 

KB : TEC617304

Outcomes