We are importing certificates into R12.52 Policy Stores through the CLI, using the following command to import the cert in base64 format:
./smkeytool.sh -addCert -alias "Certname" -infile /tmp/"certificate"
When the cert is successfully imported into the Policy Store, if the cert has special characters like "./" in the IssuerDN, then the cert is not added properly and SAML SSO fails at signature validation with the error: "Exception while verifying signature"
We have checked certs using XPSExplorer and we see cert is stored in two places as listed below:
1) CA.CDS::
2) CA.FED::
In both, we see different IssuerDN:
1-CA.CDS::
IssuerDN = "C=US,O=Test\, Inc.,OU=See www.Test.net/legal-terms,OU=(c) 2012 Test\, Inc. - for authorized use only,CN=Test Certification Authority - F2K"
2-CA.FED::Certificate
--------------- Attributes from CA.FED::Certificate ---------------
Alias = "test"
CertificateGUID = CA.CDS::Certificate@000b54ff-ef11-16e5-af06-f8a50b1ca4ee
FIPSApproved = true
IssuerDN = "CN=Test Certification Authority - F2K, OU="(c) 2012 Test, Inc. - for authorized use only", OU=See www.Test.net/legal-terms, O="Test, Inc.", C=US"
Type = <Certificate>
-------------------------------------------------------------------
So when we look at how it is stored in CA.FED and in CA.CDS, the only difference is in the IssuerDN.
How can we solve this? Are we importing the certificate correctly?
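As an added example (not part of the question above and not code from the SiteMinder tooling), here is a small Python parser that reads both spellings of the IssuerDN shown above, the backslash-escaped form stored in CA.CDS and the quoted form stored in CA.FED, and checks whether they name the same issuer. It assumes only those two encodings (RFC 4514 backslash escapes and the older quoted-value style) and that attribute order may differ between the two stores.

```python
# Added example: parse the two IssuerDN spellings from the question into
# (type, value) pairs so they can be compared semantically rather than as
# raw strings (a raw string compare of the two stores' values fails).

# Constructed from the two IssuerDN values quoted in the question.
DN_CDS = r"C=US,O=Test\, Inc.,OU=See www.Test.net/legal-terms,OU=(c) 2012 Test\, Inc. - for authorized use only,CN=Test Certification Authority - F2K"
DN_FED = 'CN=Test Certification Authority - F2K, OU="(c) 2012 Test, Inc. - for authorized use only", OU=See www.Test.net/legal-terms, O="Test, Inc.", C=US'


def parse_dn(dn: str) -> list:
    r"""Split a DN into (TYPE, value) pairs.

    Handles backslash escapes (O=Test\, Inc.) and quoted values
    (O="Test, Inc."); both yield the value 'Test, Inc.'.
    """
    rdns, i, n = [], 0, len(dn)
    while i < n:
        eq = dn.index('=', i)                 # attribute type ends at '='
        attr = dn[i:eq].strip()
        i = eq + 1
        value = []
        if i < n and dn[i] == '"':            # quoted form: read to closing quote
            i += 1
            while i < n and dn[i] != '"':
                value.append(dn[i]); i += 1
            i += 1                            # step past the closing quote
        else:                                 # escaped form: read to unescaped ','
            while i < n and dn[i] != ',':
                if dn[i] == '\\' and i + 1 < n:
                    i += 1                    # keep the escaped character literally
                value.append(dn[i]); i += 1
        rdns.append((attr.upper(), ''.join(value).strip()))
        i += 1                                # skip the ',' separator
    return rdns


def canonical(dn: str) -> tuple:
    """Order-independent form, so a reversed DN still compares equal."""
    return tuple(sorted(parse_dn(dn)))


def same_issuer(dn_a: str, dn_b: str) -> bool:
    """True when both DNs carry the same attributes and values."""
    return canonical(dn_a) == canonical(dn_b)


if __name__ == "__main__":
    print("raw strings equal:", DN_CDS == DN_FED)          # False
    print("same issuer:", same_issuer(DN_CDS, DN_FED))     # True
```

If the two stores really hold the same issuer, the failure is in how the DN is serialised and compared during signature verification, not in the certificate bytes themselves, which is what this comparison helps separate.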