000015896 - 'Certificate DN' contains invalid characters.

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000015896
Applies To: Authentication Manager

The indicated field(s) on this page require your attention.

"Certificate DN" contains invalid characters.

Cause: The field used by AM7.1 for the Certificate DN has special characters in the Identity Source. A space is considered a special character. If it is read-only, it cannot be changed.


Go to the Operations Console, edit the Identity Source that contains the user, and select the "Map" tab. Look for the section Certificate DN to see which LDAP attribute this is mapped to (the default is "comment").

If the IS is Win2003, you will need to use the tool that made the change in the LDAP. You can use Microsoft's ldifde to see the attribute:
 ldifde -f filename.txt -r samaccountname=(username)
where (username) is the name of the user.

If the IS is Win2008, select Active Directory Users and Computers, and edit the user with the issue. Select the Attribute Editor tab and go to this attribute. The value for this attribute will show special characters.

It is NOT recommended that this attribute be changed until you know what utility changed it, why it was done, and if it can be changed in your environment. If this was set by another tool, check with the tool owner to see if the attribute can be changed to an acceptable value.


Determine a field in your Active Directory that isn't likely to have any characters for ANY users, and change the IS settings in the OC to use this field.
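
Added example, not part of the RSA article or any RSA tool: a Python script that parses an ldifde export (folded lines and base64 "attr::" values included) and counts, per attribute, how many users have a value and how many of those values contain whitespace. The sample LDIF, the "info" attribute and all function names are constructed for illustration; the article names only the space as a special character, so whitespace is the only condition checked.

```python
import base64
from collections import defaultdict

# Constructed sample in the style of an ldifde export (not real directory data).
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=example,DC=test
sAMAccountName: alice
comment: set by helper tool
info:: c2Vjb25kIHZhbHVl

dn: CN=Bob Example,CN=Users,DC=example,DC=test
sAMAccountName: bob
comment: a-long-value-that-the-exporter-fol
 ded-onto-a-second-line
"""

def parse_ldif(text):
    """Return one dict per entry: lower-cased attribute name -> list of values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    entries = []
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if sep and not line.startswith("#"):
                value = rest.strip()
                if rest.startswith(":"):  # "attr:: ..." carries a base64 value
                    value = base64.b64decode(rest[1:]).decode("utf-8", "replace")
                entry[name.lower()].append(value)
        if entry:
            entries.append(dict(entry))
    return entries

def has_space(values):
    return any(ch.isspace() for v in values for ch in v)

def attribute_report(entries):
    """Per attribute: [entries with a value, entries whose value has whitespace]."""
    report = defaultdict(lambda: [0, 0])
    for entry in entries:
        for name, values in entry.items():
            if name != "dn":
                report[name][0] += 1
                report[name][1] += has_space(values)
    return dict(report)

def users_with_space(entries, attribute="comment"):
    """sAMAccountName of each entry whose mapped attribute contains whitespace."""
    return [e.get("samaccountname", ["?"])[0] for e in entries
            if has_space(e.get(attribute.lower(), []))]
```

users_with_space lists the accounts that trigger the error for the currently mapped attribute; an attribute with low counts in both columns of attribute_report across all users is a candidate for the Certificate DN mapping.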

Notes: Quest Password Manager is one of the applications that will use this field.
Legacy Article ID: a51259