ODSEE11g - When Using "dsadm" to Manage Certificates New Cert Database Files are Created ("cert9.db" and "key4.db") and the "dse.ldif" Configuration File is Not Updated (Doc ID 2638781.1)

Last updated on NOVEMBER 03, 2023

Applies to:

Symptoms

When managing the certificate database using the "dsadm" command against ODSEE11.1.1.7.190716 the files are updated:

slapd-cert8.db to slapd-cert9.db
and
slapd-key3.db to slapd-key4.db

and the certificates are successfully added to the new certificate database (i.e.; slapd-cert9.db)

However the Directory Server configuration file (dse.ldif) is not update and still references old path/cert_files.

Changes

The below is an example listing of the files AFTER the dsadm to manage the certificates:

# ls -la /<INSTANCE_PATH>/alias
total 140
drwxr-xr-x 2 <USER> <GROUP> 140 Jan 17 10:59 .
drwxr-xr-x 11 <USER> <GROUP> 108 Jan 17 10:47 ..
-rw------- 1 <USER> <GROUP> 1586 Jan 31 2017 certmap.conf
-rw------- 1 <USER> <GROUP> 539 Dec 17 10:38 pkcs11.txt
-rw------- 1 <USER> <GROUP> 16384 Jan 31 2017 secmod.db
-rw------- 1 <USER> <GROUP> 65536 Dec 17 10:38 slapd-cert8.db
-rw------- 1 <USER> <GROUP> 28672 Jan 13 13:38 slapd-cert9.db
-rw------- 1 <USER> <GROUP> 16384 Dec 17 10:38 slapd-key3.db
-rw------- 1 <USER> <GROUP> 28672 Jan 13 13:37 slapd-key4.db

The below command shows the old path/files are still referenced in the dse.ldif and not the new:

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.