While importing renewed SSL listener certificate on XMS 10.6 following error is observed on XMS debug logs.

2017-06-22T11:47:55.251+0300 | A7B895C5041828EC | INFO | http-nio-14443-exec-7 | com.citrix.controlpoint.rest.CertificateMgmtResource | Uploading certificate to be used As : listener . none indicates server cert 2017-06-22T11:47:55.748+0300 | A7B895C5041828EC | ERROR | http-nio-14443-exec-7 | com.citrix.controlpoint.service.impl.CertManagerImpl | String index out of range: 75 java.lang.StringIndexOutOfBoundsException: String index out of range: 75 at java.lang.String.substring(String.java:1963) ~[?:1.8.0_121-XMS] at com.citrix.controlpoint.service.impl.CertManagerImpl.extractCNFromString(CertManagerImpl.java:342) ~[mw.jar:?] at com.citrix.controlpoint.service.impl.CertManagerImpl.saveCertMetaData(CertManagerImpl.java:252) ~[mw.jar:?] at com.citrix.controlpoint.service.impl.CertManagerImpl.updateListenerCertificate(CertManagerImpl.java:1097) ~[mw.jar:?] at com.citrix.controlpoint.service.impl.CertManagerImpl.uploadAsListenerInner(CertManagerImpl.java:1078) ~[mw.jar:?] at com.citrix.controlpoint.service.impl.CertManagerImpl.uploadAsListenerCert(CertManagerImpl.java:1029) [mw.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121-XMS] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121-XMS] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121-XMS] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121-XMS] at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) [spring-aop-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) [spring-aop-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) [spring-aop-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.springframework ansaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) [spring-tx-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282) [spring-tx-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) [spring-tx-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) [spring-aop-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) [spring-aop-4.3.6.RELEASE.jar:4.3.6.RELEASE] at com.sun.proxy.$Proxy411.uploadAsListenerCert(Unknown Source) [?:?] at com.citrix.controlpoint.service.impl.CertificateServiceImpl.uploadCertificate(CertificateServiceImpl.java:184) [mw.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121-XMS] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121-XMS] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121-XMS] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121-XMS] at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) [spring-aop-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) [spring-aop-4.3.6.RELEASE.jar:4.3.6.RELEASE] at com.sun.proxy.$Proxy405.uploadCertificate(Unknown Source) [?:?] at com.citrix.controlpoint.rest.CertificateMgmtResource.importCertificate(CertificateMgmtResource.java:166) [mw.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121-XMS] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121-XMS] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121-XMS] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121-XMS] at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [jersey-server-2.4.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:151) [jersey-server-2.4.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:171) [jersey-server-2.4.jar:?] at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152) [jersey-server-2.4.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:104) [jersey-server-2.4.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:367) [jersey-server-2.4.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:349) [jersey-server-2.4.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:106) [jersey-server-2.4.jar:?] at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:259) [jersey-server-2.4.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [jersey-common-2.4.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [jersey-common-2.4.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [jersey-common-2.4.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [jersey-common-2.4.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [jersey-common-2.4.jar:?] at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:318) [jersey-common-2.4.jar:?] at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:236) [jersey-server-2.4.jar:?] at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:983) [jersey-server-2.4.jar:?] at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:361) [jersey-container-servlet-core-2.4.jar:?] at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:372) [jersey-container-servlet-core-2.4.jar:?] at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:335) [jersey-container-servlet-core-2.4.jar:?] at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:218) [jersey-container-servlet-core-2.4.jar:?] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) [catalina.jar:8.0.39] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.39] at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.39] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.39] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.39] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) [spring-security-web-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.39] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.39] at org.springframework.orm.hibernate5.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:151) [spring-orm-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.6.RELEASE.jar:4.3.6.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.39] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.39] at com.citrix.logging.AdminAuditLogFilter.doFilter(AdminAuditLogFilter.java:47) [logInt.jar:?] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.39] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.39] at com.citrix.logging.DebugLogFilter.doFilter(DebugLogFilter.java:58) [logInt.jar:?] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.39] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.39] at com.citrix.cg.auth.SessionFilter.doFilter(SessionFilter.java:94) [mw.jar:?] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.39] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.39] at com.zenprise.security.securityfilter.XdmSecurityFilter.doFilter(XdmSecurityFilter.java:208) [nps.jar:?] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.39] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.39] at com.citrix.multi_tenant.filter.MultiTenantHostFilter.doFilter(MultiTenantHostFilter.java:65) [common-interfaces.jar:?] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.39] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.39] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) [catalina.jar:8.0.39] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.39] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [catalina.jar:8.0.39] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [catalina.jar:8.0.39] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.39] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.39] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:509) [catalina.jar:8.0.39] at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1104) [tomcat-coyote.jar:8.0.39] at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684) [tomcat-coyote.jar:8.0.39] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520) [tomcat-coyote.jar:8.0.39] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476) [tomcat-coyote.jar:8.0.39] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_121-XMS] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_121-XMS] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.39] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121-XMS] 2017-06-22T11:47:55.788+0300 | A7B895C5041828EC | ERROR | http-nio-14443-exec-7 | com.citrix.controlpoint.rest.CertificateMgmtResource | Failed to update listener certificate 2017-06-22T11:47:58.100+0300 | 2D9B4B730C528BEF | INFO | http-nio-14443-exec-2 | com.zenprise.security.securityfilter.XdmSecurityFilter | XdmSecurityFilter: doFilter( GET, 'https://192.168.2.119:4443/zdm/login_xdm_uc.jsp;jsessionid=F0772A37620D67E03799749DFBC02BF2', from: 192.168.9.38): CSRF: path '/zdm/login_xdm_uc.jsp' is a landing page 2017-06-22T11:48:06.742+0300 | | INFO | http-nio-10443-exec-40 | com.sparus.nps.shtp.ConnectionManager | user=xyz@abc.com  deviceid=s:359937063620496|i:359937063620496 2017-06-22T11:48:06.742+0300 | | INFO | http-nio-10443-exec-40 | com.sparus.nps.shtp.ConnectionManager | Network interface:MOBILE LTE, network type:1, network subtype:13, phone roaming:false, connection roaming:false, carrier:null, os family:ANDROID, platform:Android, root access:0, admin disabled:0 2017-06-22T11:48:06.748+0300 | | INFO | http-nio-10443-exec-40 | com.citrix.xam.EnrollmentProfile.EnrollmentProfileImpl | Get NumOfDevicePerUser for user ID 147 2017-06-22T11:48:06.748+0300 | | INFO | http-nio-10443-exec-40 | com.citrix.xam.bo.manager.EnrollmentProfileManager | Check MAM Device Limit for User: 147 2017-06-22T11:48:06.756+0300 | | INFO | http-nio-10443-exec-40 | com.citrix.xam.bo.manager.EnrollmentProfileManager | EP: Global 2017-06-22T11:48:06.756+0300 | | INFO | http-nio-10443-exec-40 | com.citrix.xam.bo.manager.EnrollmentProfileManager | Key: NUMBER_OF_DEVICES_PER_USER Value: 0 2017-06-22T11:48:06.804+0300 | | INFO | http-nio-10443-exec-40 | com.citrix.cg.bo.spring.impl.InternalUserServiceImpl | Input params for updateUser. UserName 'xyz@abc.com ' and Domain Name 'abc.com ' 2017-06-22T11:48:06.818+0300 | | INFO | http-nio-10443-exec-40 | com.citrix.xms.oca.imil.service.impl.GroupServiceImpl | No.of groups:2 retrieved by UserID:147 2017-06-22T11:48:06.844+0300 | | INFO | http-nio-10443-exec-40 | com.sparus.nps.shtp.processors.AdminDisabledProcessor | administrator disabled setting in request : false, in device property: false 2017-06-22T11:48:06.876+0300 | | INFO | http-nio-10443-exec-40 | EWSession | Get device hardware inventory: xyz@abc.com  device ID:35993706362049xx 2017-06-22T11:48:06.878+0300 | | INFO | http-nio-10443-exec-40 | EWSession | Get device certificate inventory: xyz@abc.com  device ID:359937063620496 2017-06-22T11:48:06.879+0300 | | INFO | http-nio-10443-exec-40 | EWSession | Get device software inventory (simple): xyz@abc.com device ID:3599370636204xx

Problem Cause