King0770-Notes-Input-not-an-X.509-certificate: Difference between revisions
(Created page with "On rare occasions, you may run into an issue installing commercial SSL's.<br> Example...<br> <code><pre> $ /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_...") |
No edit summary |
||
Line 20: | Line 20: | ||
openssl verify -CAfile ./commercial_ca.crt ./mail.example.com.crt | openssl verify -CAfile ./commercial_ca.crt ./mail.example.com.crt | ||
./mail.example.com.crt: OK | ./mail.example.com.crt: OK | ||
</pre></code> | |||
Still, even manually adding the SSL to the keystore results in an error...<br> | |||
<code><pre> | |||
keytool -import -alias zcs-user-commercial_ca2 -noprompt -file commercial_ca.crt -keystore /opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts | |||
keytool error: java.lang.Exception: Input not an X.509 certificate | |||
</pre></code> | |||
Try parsing the SSL file to remove <strong>ALL</strong> whitespaces. | |||
<code><pre> | |||
mv commercial_ca.crt temp_commercial_ca.crt | |||
tr -d ' ' < temp_commercial_ca.crt > commerical_ca.crt | |||
</pre></code> | </pre></code> |
Latest revision as of 00:43, 30 August 2018
On rare occasions, you may run into an issue installing commercial SSL's.
Example...
$ /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate 'commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying 'commercial.crt' against 'commercial_ca.crt'
Valid certificate chain: commercial.crt: OK
** Copying 'commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
ERROR: cacerts keytool(-import -alias zcs-user-commercial_ca -noprompt -file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt) returned non-zero(1):
keytool error: java.lang.Exception: Input not an X.509 certificate
You've even verified the SSL's as well.
openssl verify -CAfile ./commercial_ca.crt ./mail.example.com.crt
./mail.example.com.crt: OK
Still, even manually adding the SSL to the keystore results in an error...
keytool -import -alias zcs-user-commercial_ca2 -noprompt -file commercial_ca.crt -keystore /opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts
keytool error: java.lang.Exception: Input not an X.509 certificate
Try parsing the SSL file to remove ALL whitespaces.
mv commercial_ca.crt temp_commercial_ca.crt
tr -d ' ' < temp_commercial_ca.crt > commerical_ca.crt