Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 SUpport Pack 1 applied
NetIQ Access Manager 3.2 Administration Console
NetIQ Access Manager 3.2 SUpport Pack 1 applied
NetIQ Access Manager 3.2 Administration Console
Situation
Access Manager setup and working well.Administrator tried to import a PKCS7 formatted file into the Admin Console but the following exception was thrown:
The following exception is shown in admin console catalina logs
com.novell.nids.certmgr.DirCertException: Error: PKI_E_PARSE_CERTIFICATE,
Error: -1240 at com.novell.nids.certmgr.DirCerts.importTrustedRoot(Unknown Source)
at com.volera.roma.app.handler.CertHandler.k(y:5119) at com.volera.roma.app.handler.CertHandler.E(y:4935)
at com.volera.roma.app.handler.CertHandler.processRequest(y:285)
at com.volera.roma.servlet.GenericController.doPost(y:394) at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
Steps to reproduce.
1.Download a pem format trusted root certificate from Admin Console
2.Convert the pem format certificate to PKCS7 format. (with .p7b extension)
3.Import the converted certificate into Admin Console
com.novell.nids.certmgr.DirCertException: Error: PKI_E_PARSE_CERTIFICATE,
Error: -1240 at com.novell.nids.certmgr.DirCerts.importTrustedRoot(Unknown Source)
at com.volera.roma.app.handler.CertHandler.k(y:5119) at com.volera.roma.app.handler.CertHandler.E(y:4935)
at com.volera.roma.app.handler.CertHandler.processRequest(y:285)
at com.volera.roma.servlet.GenericController.doPost(y:394) at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
Steps to reproduce.
1.Download a pem format trusted root certificate from Admin Console
2.Convert the pem format certificate to PKCS7 format. (with .p7b extension)
3.Import the converted certificate into Admin Console
Resolution
Import the cert into a browser (Internet Explorer) and export it again as a CER/DER file. Then import the certificate again into the Admin Console.