Tech Tip : CA Single Sign-On : AdminUI :: Certificate : Attribute Format

Discussion created by Patrick-Dussault Employee on Dec 14, 2016

Issue :


When I insert a new Certificate in the Certificate Store using the AdminUI, the operation fails with error :


    16:53:56,349 ERROR [FedPkiKeyStore] **ERROR** commiting keystore
    change for alias infdsdbf01.


Caused by: com.rsa.certj.cert.NameException: PrintableString expected.How can I fix this ?


Environment :


AdminUI 12.52SP1


Cause :


The certificates fields format should respect the standards. In that use case, one of the certificate fields has different format as the one expected.


Restrictions of the RFC 5280 :


    -- Naming attributes of type X520SerialNumber


    id-at-serialNumber AttributeType ::= { id-at 5 }
    X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number))






You have to set the serialNumber as PrintableString and not UTF8String to solve the issue.


KB : TEC617304