Cannot create a certificate with same logical name as previously deleted certificate

  • 7006944
  • 28-Sep-2010
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Access Administration
Novell Access Manager 3.1 Support Pack 2 applied

Situation

After backing out of some Access Manager changes using the amrestore script, it became impossible to create any certificate with the same certificate name that existed before the restore, even though the certificate is no longer displayed on the certificates page. When creating a certificate with the same name, the browser would just sit there clocking.

When the certificate name was changed to one never used before, it would import instantly. It appears that something does not get cleaned up properly when doing an amrestore.

Steps to duplicate:

1. Run ambkup.sh on the AM 3.1.2 Admin Console (in the /opt/novell/devman/bin/ directory).
2. Import a cert and take note of the cert name provided.
3. Run amrestore.sh to push the config back to the state of step 1.
4. Import the same cert with the same name noted in step 2.
5. Verify that nothing happens and the cert does not import.
6. Try again with a different name.
7. Verify that the cert can import.

Resolution

There are two options:
1. Select a different logical name (the subject name can be the same) and the certificate will get created.
2. Manually use an LDAP browser to go into the Admin Console eDir store and remove the certificate from the o=novell container.

Additional Information

amrestore does an LDIF import; it does not recreate the entire configuration store. As a result, the original certs that existed before the restore are still available in the store.
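
The following is an added example, not part of the original article or of Access Manager: a read-only Python check that lists entries under o=novell which exist in the store now but were absent at backup time, which is what an LDIF import leaves behind. It assumes you have two plain-text LDIF exports of the configuration store (one from backup time, one current); the entry names and sample data are constructed.

```python
import base64

def normalise(dn):
    # Simplified DN comparison (assumption: no escaped commas inside RDN values).
    rdns = [rdn.strip() for rdn in dn.split(",")]
    return ",".join("=".join(p.strip() for p in r.split("=", 1)) for r in rdns).lower()

def ldif_dns(text):
    """Return the normalised DN of every entry in an LDIF export."""
    lines = []
    for raw in text.splitlines():
        # LDIF folding: a line starting with one space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dns = set()
    for line in lines:
        if line.lower().startswith("dn::"):  # base64-encoded DN
            dns.add(normalise(base64.b64decode(line[4:].strip()).decode("utf-8")))
        elif line.lower().startswith("dn:"):
            dns.add(normalise(line[3:]))
    return dns

def survivors(backup_ldif, current_ldif, base="o=novell"):
    """Entries under `base` that exist now but were not in the backup."""
    base = normalise(base)
    extra = ldif_dns(current_ldif) - ldif_dns(backup_ldif)
    return sorted(dn for dn in extra if dn == base or dn.endswith("," + base))

# Constructed sample data (not taken from a real Access Manager store).
BACKUP = """dn: o=novell
objectClass: top

dn: cn=existing-cert,o=novell
objectClass: top
"""
CURRENT = BACKUP + """
dn: CN=web-cert, O=novell
objectClass: top

dn: cn=long-name-
 cert,o=novell
objectClass: top

dn:: """ + base64.b64encode(b"cn=b64-cert,o=novell").decode() + """
objectClass: top
"""
if __name__ == "__main__":
    print(survivors(BACKUP, CURRENT))
```

Any certificate name in the output is still occupied in the store after a restore, so it must either be avoided or removed with an LDAP browser as described in the Resolution.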