CCP Error - keystore password was incorrect

Hi Folks,

I am setting up the CCP for one of the AD sources. After installing the certificate and setting up the CCP config, I am getting the below error. The certificate is valid and the cred as well, but on testing the source connection I am still getting it.

Missing something?

I’d first look at the PFX file and its password, because this error usually points there more than to the AD account itself.

If SailPoint says keystore password was incorrect, it normally means it could not open the .pfx with the password you entered.

A few things worth checking:

  • re-upload the .pfx and type the password again carefully
  • make sure the certificate file name in the config matches the uploaded file exactly
  • confirm the Credential Provider and AD source are on the same VA cluster
  • if your CyberArk endpoint uses an internal CA, make sure that cert chain is trusted on the VA
  • restart the VA/CCG once after uploading, just to rule out a stale load issue

If all of that looks fine, then I’d suspect the .pfx itself — either wrong password, wrong file, or export issue.

That’s where I’d start.

Thanks, I managed to upload the new cert with a different name and it worked, but now I am getting this error. Does this path look correct?

secrets://CyberArk%2FAIMWebService%2Fapi%2FAccounts%3FAppID%3DSailpointNP%26Safe%3DCCP-Test

Looking at your secrets:// value, this might actually be part of the problem.

Right now it looks like you encoded the entire CyberArk URL in one go. In SailPoint, the secrets:// format is a bit picky — it expects the provider name and path to be structured, not one fully encoded string.

For example:

  • CyberArk should just be the Credential Provider name
  • then the rest (AppID, Safe, etc.) should be encoded as query params
  • and you usually need a final key like /Content or /Password

Something like this structure works better:

secrets://CyberArk/AppID%3DSailpointNP%26Safe%3DCCP-Test/Content

Right now, since everything is encoded together (CyberArk%2FAIMWebService%2Fapi...), SailPoint might not even be parsing it correctly, which can lead to weird errors that don’t directly point to the real issue.

Also worth testing the same CCP call via Postman/curl just to confirm what the expected response/key is.

Yeah, trying via Postman and it's a bit tricky as well. Tried this and got this error. Suspecting the URL is still incorrect.

https://npdasxxxxxx/AIMWebService/api/Accounts?AppID=SailpointNP&Safe=Operating System-P-WinDomain-CORP-test-TestCCP

error: Error:getaddrinfo ENOTFOUND npdasxxxxxx

Does anyone have the correct working URL? I want to cross-check whether the params I am passing are correct or not.

The following worked for us

secrets://<name of the CCP connector in ISC>/Object%3DobjectNameInCyberArk%26AppID%3DappIDInCyberArk/Content

Make sure the URL ends with /Content - not the property/value you are trying to extract, like Password; it has to be "Content".

Thanks, Nikhil, for sharing. Using the same URL but getting the error unable to find the provided; could be a firewall issue, which I am checking.

QQ though, objectNameInCyberArk is safe name, correct? Thanks in advance.

Hi Folks,

I am kind of stuck here and not moving forward to complete the setup. Did the below and still not getting the creds. Am I missing anything?

  • secret URL syntax is correct
  • can fetch cred from CyberArk connector server using the url
  • Network traffic flows from VM’s to connector server
  • Certs are in place
  • tried to connect via Postman but getting a tunnel socket error.

Am I missing anything? SailPoint support is of no help: since we are doing it for the first time, they can’t help and want us to involve expert services.

Current Error: No matching credential provider found with given name : CyberArk/Safe=CCP-Test&AppID=SailpointNP/Content

Please ignore, I was able to resolve the issue from my end. :slight_smile:

The URL has to be encoded so the = will translate to %3D.
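
Added example, not part of the thread and not SailPoint's own code: a small Python check of the secrets:// reference shape the replies above describe (bare provider name, percent-encoded query, final /Content), run against the values posted in the thread. The function names are hypothetical, and the expected shape is taken from the posts, not from product documentation.

```python
from urllib.parse import quote

SCHEME = "secrets://"

def build_secret_ref(provider, params, key="Content"):
    """Build secrets://<provider>/<encoded query>/<key> (shape as described in the thread)."""
    query = "&".join(f"{k}={v}" for k, v in params.items())
    # safe="" percent-encodes '=', '&', '/' and spaces inside the query segment.
    return f"{SCHEME}{provider}/{quote(query, safe='')}/{key}"

def lint_secret_ref(ref):
    """Return a list of shape problems; an empty list means the shape matches."""
    if not ref.startswith(SCHEME):
        return ["missing secrets:// scheme"]
    parts = ref[len(SCHEME):].split("/")
    problems = []
    if "%" in parts[0]:
        problems.append("provider segment is percent-encoded; use the bare provider name")
    if len(parts) != 3:
        problems.append(f"expected provider/query/key, found {len(parts)} segment(s)")
        return problems
    if "=" in parts[1] or "&" in parts[1]:
        problems.append("query segment has raw '=' or '&'; encode them as %3D and %26")
    if parts[2] != "Content":
        # Assumption: the reply that reported a working reference says it must end in /Content.
        problems.append("final segment is not 'Content'")
    return problems

# First two values are copied from the thread; the third is constructed from the
# quoted "No matching credential provider" error message.
WHOLE_URL_ENCODED = ("secrets://CyberArk%2FAIMWebService%2Fapi%2FAccounts"
                     "%3FAppID%3DSailpointNP%26Safe%3DCCP-Test")
SUGGESTED = "secrets://CyberArk/AppID%3DSailpointNP%26Safe%3DCCP-Test/Content"
UNENCODED_QUERY = "secrets://CyberArk/Safe=CCP-Test&AppID=SailpointNP/Content"

if __name__ == "__main__":
    for ref in (WHOLE_URL_ENCODED, SUGGESTED, UNENCODED_QUERY):
        print(ref, "->", lint_secret_ref(ref) or "ok")
    print(build_secret_ref("CyberArk", {"AppID": "SailpointNP", "Safe": "CCP-Test"}))
```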