OUD 11g - Cannot Change Replication Certificate after Deleting the OUD instance that was using the Certificate and Rebuilding the Instance using the Same Original Keystore
(Doc ID 2312448.1)
Last updated on JULY 16, 2020
Applies to: Oracle Unified Directory - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
OUD - Cannot change replication certificate
Trying to run the command to replace the self-signed certificate used for OUD replication.
An example of the command used may be as follows:
--hostname <HOSTNAME>.<DOMAIN> \
--port <PORT> \
--replCertNickName "<CERT_NICKNAME>" \
--replKeyStoreType JKS \
--replKeyStorePath $OUD_HOME/oud/oud_cert/keystore \
--replKeyStorePasswordFile $OUD_HOME/oud/oud_cert/keystore.pin \
--adminUID admin \
Error Output Reported
When running the above command the following error may be displayed:
>>>> Specify Oracle Unified Directory LDAP connection parameters
Password for user 'admin':
Establishing connections and reading configuration ..................... Done.
The certificate of server <HOSTNAME>.<DOMAIN>:<PORT> cannot be updated
because some symmetric keys cannot be decoded. If you have updated the
certificates recently, you can wait for the registration data to synchronize
and try again later.
The following cipher symmetric keys cannot be decoded: <CIPHER_SYMMETRIC_KEYS>
Attempted Resolution Notes
- Already tried to use the steps in Doc ID 2262484.1 but that did not resolve the issue.
- When trying to use the "Regenerate the Certificate Used for Replication" option, the same error is shown.
Attempting to set a new OUD replication certificate.