SecurID^® Discussions

resteves · ‎2022-09-29

Hi,

I'm trying to import a new certificate on my RSA SecurID appliances in the virtual host section (Deployment Configuration → Certificates → Virtual Host Certificate Management), and when i import the certificate i get this error:

This certificate is already imported

I already tried also to extract from the p7b only the certificate without the CAs and import only the certificate and i get the same error.

/opt/rsa/am/server/logs/ops-console.log:

@@@2022-09-29 02:41:31,393 ERROR [[ACTIVE] ExecuteThread: '14' for queue: 'weblogic.kernel.Default (self-tuning)'] GUILog.traceException(587) | exception:
com.rsa.ims.security.tools.ssl.exception.InvalidCertificateException: This certificate is already imported
at com.rsa.ims.security.tools.ssl.ImportSSLCertConsoleHelper.importP7CertWithException(ImportSSLCertConsoleHelper.java:316)
at com.rsa.ims.security.tools.ssl.ImportSSLCertConsoleHelper.importP7Cert(ImportSSLCertConsoleHelper.java:231)
at com.rsa.ims.web.operationsconsole.action.ConsoleCertManagementAction.importCert(ConsoleCertManagementAction.java:680)
at com.rsa.ims.web.operationsconsole.action.VirtualHostCertManagementAction.importCert(VirtualHostCertManagementAction.java:186)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.rsa.ui.common.struts.action.RSABaseDispatchAction.execute(RSABaseDispatchAction.java:180)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
at com.rsa.ui.common.util.RSAWebRequestProcessor.process(RSAWebRequestProcessor.java:221)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1926)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:464)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:295)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:260)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:137)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:353)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at com.rsa.ui.common.security.csrf.CSRFFilter.doFilterInternal(CSRFFilter.java:196)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at com.rsa.ui.common.filter.UrlValidationFilter.doFilter(UrlValidationFilter.java:245)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at com.rsa.ims.common.operationsconsole.security.filter.CommonOCIMSSignOnFilter$1.run(CommonOCIMSSignOnFilter.java:179)
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113)
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439)
at com.rsa.ims.common.operationsconsole.security.filter.CommonOCIMSSignOnFilter.doFilter(CommonOCIMSSignOnFilter.java:176)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at com.rsa.ims.common.operationsconsole.security.filter.CommonOCSignOnFilter.doFilter(CommonOCSignOnFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at com.rsa.ims.sso.filter.HeaderValidationFilter.doFilter(HeaderValidationFilter.java:174)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3800)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3766)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:344)
at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2454)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2302)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2280)
at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1721)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1681)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:655)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:420)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:360)

Anyone has any idea?

resteves · ‎2022-10-04

So basically the problem was that we renewed the certificate using the existing CSR, that's why it always complained that already existed.

After generating new CSR and new certificate from new CSR i was able to import it without problem.

View solution in original post

EricaChalfin · ‎2022-09-29

@resteves,

Try the steps in this article on RSA Authentication Manager 8.x import of replacement certificate fails with the error This certificate is already imported.

Best regards,
Erica

resteves · ‎2022-09-29

I tried that as well, but same error.

EricaChalfin · ‎2022-09-29

@resteves,

If that is the case, I'd recommend opening a new support case with our technical support team to assist in resolving your issue.

Best regards,
Erica

resteves · ‎2022-10-04

So basically the problem was that we renewed the certificate using the existing CSR, that's why it always complained that already existed.

After generating new CSR and new certificate from new CSR i was able to import it without problem.

EricaChalfin · ‎2022-10-04

@resteves,

So glad to hear your issue was resolved with such an easy fix!

Best regards,
Erica

SecurID® Discussions

RSA SecurID 8.6 - Import new certificate for virtual host - Error This certificate is already imported

SecurID^® Discussions