Difference between revisions of "King0770-Notes-Input-not-an-X.509-certificate"

(Created page with "On rare occasions, you may run into an issue installing commercial SSL's.<br> Example...<br> <code><pre> $ /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_...")
 
 
Line 20: Line 20:
 
openssl verify -CAfile ./commercial_ca.crt ./mail.example.com.crt
 
openssl verify -CAfile ./commercial_ca.crt ./mail.example.com.crt
 
./mail.example.com.crt: OK
 
./mail.example.com.crt: OK
 +
</pre></code>
 +
 +
Still, even manually adding the SSL to the keystore results in an error...<br>
 +
<code><pre>
 +
keytool -import -alias zcs-user-commercial_ca2 -noprompt -file commercial_ca.crt -keystore /opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts
 +
 +
keytool error: java.lang.Exception: Input not an X.509 certificate
 +
</pre></code>
 +
 +
Try parsing the SSL file to remove <strong>ALL</strong> whitespaces.
 +
<code><pre>
 +
mv commercial_ca.crt temp_commercial_ca.crt
 +
tr -d ' ' < temp_commercial_ca.crt >  commerical_ca.crt
 
</pre></code>
 
</pre></code>

Latest revision as of 00:43, 30 August 2018

On rare occasions, you may run into an issue installing commercial SSL's.

Example...

$ /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate 'commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying 'commercial.crt' against 'commercial_ca.crt'
Valid certificate chain: commercial.crt: OK
** Copying 'commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
ERROR: cacerts keytool(-import -alias zcs-user-commercial_ca -noprompt -file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt) returned non-zero(1):
keytool error: java.lang.Exception: Input not an X.509 certificate

You've even verified the SSL's as well.

openssl verify -CAfile ./commercial_ca.crt ./mail.example.com.crt
./mail.example.com.crt: OK

Still, even manually adding the SSL to the keystore results in an error...

keytool -import -alias zcs-user-commercial_ca2 -noprompt -file commercial_ca.crt -keystore /opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts

keytool error: java.lang.Exception: Input not an X.509 certificate

Try parsing the SSL file to remove ALL whitespaces.

mv commercial_ca.crt temp_commercial_ca.crt
tr -d ' ' < temp_commercial_ca.crt >  commerical_ca.crt
Jump to: navigation, search