Certificate request problems
You must solve problems in either creating a certificate request, or enabling a returned certificate for use.
- Before you create a certificate request, solve these problems
as administrator:
- Problem: You might not have permission to write to the
certificate request file. Alternatively, there might not be sufficient
free disk space, or the database might not be available.
Solution: Ensure that your permissions are correct, that there is sufficient free disk space, and that the database connection is available. If not, make the appropriate corrections. Then, try the operation again.
- Problem: A value is not specified for the common name.
The common name (
cn
) is part of the unique identification for the certificate. For example, the value ofcn
is used in the subject name for a certificate, which can identify whether a certificate that is being imported matches an original certificate request.Solution: Specify the common name for the certificate. Then, try the operation again.
- Problem: The certificate request file exists.
Solution: The file name that you specified in the certificate request matches an existing certificate request file name. Specify a different file name for the certificate request. For example, specify
myUniqueRequest.crt
. Then, try the operation again.
- Problem: You might not have permission to write to the
certificate request file. Alternatively, there might not be sufficient
free disk space, or the database might not be available.
- When you import a returned CA certificate, solve these problems:
- Problem: The subject name of the certificate that returned
from a certificate authority does not match the subject name in the
original certificate request.
Solution: Correct the file name or alias specification. Then, try the import operation again.
- Problem: An error occurs while verifying the key and certificate.
The certificate request that you submitted to a certificate authority
and the certificate that returned, do not match.
Solution: The problem might be an internal processing error. Collect any information that might be in the audit log and then contact IBM® Software Support.
- Problem: The key in the certificate to be imported does
not match the key in the original certificate request.
Solution: You attempted to match a returned certificate to an incorrect certificate request. Import the certificate by using an alias that corresponds to this response. Then, try the operation again.
- Problem: When you import a certificate with the expiration
year greater than 50 years, you might see these messages:
- Using graphical user interface
Cannot import certificate to the keystore. javax.management.MBeanException: RuntimeException thrown in RequiredModelMBean while trying to invoke operation importCertificate
Workaround: The certificate expiration period cannot be greater than 50 years. To modify the expiration period, change the value of the maximum.keycert.expiration.period.in.years parameter in theSKLMConfig.properties file.
- Problem: The subject name of the certificate that returned
from a certificate authority does not match the subject name in the
original certificate request.