OUD - Cannot Change Replication Certificate (after deleting the OUD instance that was using that certificate, rebuilding the instance, and reusing the same keystore).
Last updated on NOVEMBER 13, 2017
Applies to: Oracle Unified Directory - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
The following scenario is described:
Issue: OUD - Cannot change replication certificate
Trying to run the command to replace the self-signed certificate used for OUD replication.
An example of the command used may be as follows:
dsreplication set-cert \
--hostname host.domain.com \
--port 4444 \
--replCertNickName "name-oud_2048_ad_ssl" \
--replKeyStoreType JKS \
--replKeyStorePath /oracle/product/oud/oud_cert/keystore \
--replKeyStorePasswordFile /oracle/product/oud/oud_cert/keystore.pin \
--adminUID admin \
The JKS keystore file in the directory is valid. It's being used for HTTPS with ODSM.
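As an added pre-flight check (not part of the Oracle article), the following Python reads the unencrypted entry table of a JKS keystore and confirms that the alias passed as --replCertNickName exists as a private-key entry, which is what set-cert needs; the sample keystore bytes are constructed inline and the nickname is the one from the command above.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

JKS_MAGIC = 0xFEEDFEED
TAG_PRIVATE_KEY, TAG_TRUSTED_CERT = 1, 2


@dataclass
class JksEntry:
    alias: str
    kind: str       # "private-key" or "trusted-cert"
    chain_len: int  # certificates stored with the entry


def _read_utf(buf: bytes, pos: int) -> Tuple[str, int]:
    (n,) = struct.unpack_from(">H", buf, pos)          # 2-byte length, then UTF bytes
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n


def _read_blob(buf: bytes, pos: int) -> Tuple[bytes, int]:
    (n,) = struct.unpack_from(">I", buf, pos)          # 4-byte length, then raw bytes
    return buf[pos + 4:pos + 4 + n], pos + 4 + n


def list_jks_entries(data: bytes) -> List[JksEntry]:
    """Walk the JKS entry table. Aliases and entry types are stored in the clear;
    only the private-key blobs are password-protected, and the trailing integrity
    digest is not verified here (that needs the keystore password)."""
    magic, version, count = struct.unpack_from(">IIi", data, 0)
    if magic != JKS_MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore")
    pos, entries = 12, []
    for _ in range(count):
        (tag,) = struct.unpack_from(">i", data, pos); pos += 4
        alias, pos = _read_utf(data, pos)
        pos += 8                                        # creation timestamp (ms), skipped
        if tag == TAG_PRIVATE_KEY:
            _key, pos = _read_blob(data, pos)           # encrypted key, left opaque
            (chain_len,) = struct.unpack_from(">i", data, pos); pos += 4
            for _ in range(chain_len):
                _type, pos = _read_utf(data, pos)
                _cert, pos = _read_blob(data, pos)
            entries.append(JksEntry(alias, "private-key", chain_len))
        elif tag == TAG_TRUSTED_CERT:
            _type, pos = _read_utf(data, pos)
            _cert, pos = _read_blob(data, pos)
            entries.append(JksEntry(alias, "trusted-cert", 1))
        else:
            raise ValueError(f"unknown JKS entry tag {tag}")
    return entries


def has_server_cert(data: bytes, nickname: str) -> bool:
    """True if nickname is a private-key entry; keytool stores aliases lowercased."""
    return any(e.kind == "private-key" and e.alias == nickname.lower()
               for e in list_jks_entries(data))


def _utf(s: str) -> bytes: return struct.pack(">H", len(s)) + s.encode()
def _blob(b: bytes) -> bytes: return struct.pack(">I", len(b)) + b

# Constructed two-entry keystore: one key entry with a 1-cert chain, one trusted CA.
SAMPLE_JKS = (struct.pack(">IIi", JKS_MAGIC, 2, 2)
              + struct.pack(">i", 1) + _utf("name-oud_2048_ad_ssl") + struct.pack(">q", 0)
              + _blob(b"\x30\x00") + struct.pack(">i", 1) + _utf("X.509") + _blob(b"\x30\x00")
              + struct.pack(">i", 2) + _utf("root-ca") + struct.pack(">q", 0)
              + _utf("X.509") + _blob(b"\x30\x00")
              + bytes(20))                              # placeholder integrity digest
```

Run it against the real file with `has_server_cert(open(path, "rb").read(), nickname)` before invoking dsreplication set-cert; a missing or trusted-cert-only alias is a different failure from the symmetric-key error shown below.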
Error Output Reported
When running the above command the following error may be displayed:
>>>> Specify Oracle Unified Directory LDAP connection parameters
Password for user 'admin':
Establishing connections and reading configuration ..................... Done.
The certificate of server hostname.domain.com:4444 cannot be updated
because some symmetric keys cannot be decoded. If you have updated the
certificates recently, you can wait for the registration data to synchronize
and try again later.
The following cipher symmetric keys cannot be decoded:
Attempted Resolution Notes
- Already tried the steps in Doc ID 2262484.1, but that did not resolve the issue.
- When trying to use the "Regenerate the Certificate Used for Replication" option, the same error is shown.
Attempting to set a new OUD replication certificate.