Certificate Load Fails while Certificate Monitoring is On. Cisco IdS is in Partial Service

From DocWiki

Jump to: navigation, search

Certificate Load Fails while Certificate Monitoring is On. Cisco IdS is in Partial Service

Problem Summary Certificate Load Fails while Certificate Monitoring is On. Cisco IdS is in Partial Service. The nodes dashboard will show a reason as “SAML Certificate load failed”.
Error Message 2016-06-06 21:22:52.234 IST(+0530) [pool-8-thread-1] ERROR com.cisco.ccbu.ids CertificateMonitor.java:199 - Failed to load certificate with alias samlspkey java.io.FileNotFoundException: /opt/cisco/ids/samlspkeystore.jks (No such file or directory)
...

2016-03-09 16:36:32.453 IST(+0530) default DEBUG [pool-3-thread-1] com.cisco.ccbu.ids IdSStateManager.java:77 - Health event with id SAML_CERTIFICATE_LOAD_FAILED has come from com.cisco.ccbu.ids.security.CertificateMonitor that can potentially change the state from STATE_IN_SERVICE
2016-03-09 16:36:32.454 IST(+0530) default DEBUG [pool-1-thread-1] com.cisco.ccbu.ids IdSStateManager.java:82 - event SAML_CERTIFICATE_LOAD_FAILED posted to the current processor com.cisco.ccbu.ids.state.InServiceIdSStateProcessor@1a4c898
2016-03-09 16:36:32.454 IST(+0530) default DEBUG [pool-1-thread-1] com.cisco.ccbu.ids IdSStateManager.java:84 - event SAML_CERTIFICATE_LOAD_FAILED posted to the current processor resulted in the new state STATE_PARTIAL_SERVICE
2016-03-09 16:36:32.454 IST(+0530) default INFO [pool-1-thread-1] com.cisco.ccbu.ids IdSStateManager.java:101 - changing the state as current state STATE_IN_SERVICE is different from new state STATE_PARTIAL_SERVICE as a result of SAML_CERTIFICATE_LOAD_FAILED
Possible Cause

SAML keystore file was not found. 

Recommended Action
Regenerate certificates.
Release Release 11.5(1)
Associated CDETS # None


Rating: 0.0/5 (0 votes cast)

Personal tools