WebSphere Issues

16/05/2012

All the signer certificates must exist in the key database error while adding a cert into keystore

Filed under: Security, Web Server — Ishtiaque @ 8:46 am

Usually the public certificate is sent in the following format:

—–BEGIN CERTIFICATE—–
MIIGGTCCBcOgAwIBAgIKIB35vgACAAAAnjANBgkqhkiG9w0BAQUFADBAMQswCQYD
VQQGEwJTRzExMC8GA1UEAxMoVEVTVFNQIEVudGVycHJpc2UgU3Vib3JkaW5hdGUg
—–END CERTIFICATE—–

You may need to save the contents into a file such as cert-base64.arm. When you add the certificate under Signer Certificates into a keystore, you may get this error “All the signer certificates must exist in the key database”. This error usually occurs when the parent certificate for the certificate authority either does not exit or has been changed. You can view the certificate path by double clicking the cert in Windows and then clicking the tab “Certificate Path”.

If the parent certificate does not exist in the keystore then you need to add the parent certificates in the same order i.e top parent cert first and then it’s children in the certificate path chain. You can save the parent certificate by selecting it in Certificate Path > View Certificate > Details > Copy to File. Save the certificates as .arm file. You can label the cert file with any name when you saving or importing the cert into keystore, but I usually prefer to keep the same name as the cert label in certificate path.

References:

http://www-01.ibm.com/support/docview.wss?uid=swg21257111

 

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: