King0770-Notes-Input-not-an-X.509-certificate


On rare occasions, you may run into an issue installing commercial SSL certificates.

Example...

$ /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate 'commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying 'commercial.crt' against 'commercial_ca.crt'
Valid certificate chain: commercial.crt: OK
** Copying 'commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
ERROR: cacerts keytool(-import -alias zcs-user-commercial_ca -noprompt -file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt) returned non-zero(1):
keytool error: java.lang.Exception: Input not an X.509 certificate

You've even verified the certificates with openssl, and they check out.

openssl verify -CAfile ./commercial_ca.crt ./mail.example.com.crt
./mail.example.com.crt: OK

Still, even manually importing the CA certificate into the keystore results in the same error...

keytool -import -alias zcs-user-commercial_ca2 -noprompt -file commercial_ca.crt -keystore /opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts

keytool error: java.lang.Exception: Input not an X.509 certificate

Try stripping ALL whitespace from the CA certificate file.

mv commercial_ca.crt temp_commercial_ca.crt
tr -d ' ' < temp_commercial_ca.crt > commercial_ca.crt
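
A more selective form of the cleanup above, as an added example that is not part of the original note or of Zimbra: it counts the lines carrying stray whitespace and writes a cleaned copy. Unlike the blanket tr -d ' ', it leaves the single space inside the BEGIN/END marker lines alone, and it also handles tabs and Windows line endings. The function names and the sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Zimbra code): locate and strip stray whitespace in a PEM
# file while keeping the space inside the BEGIN/END marker lines.

# Count lines with a CR, a tab, a leading or trailing space, or a space
# inside the base64 body.
pem_count_dirty_lines() {
    awk '
        /\r/ || /\t/ || /^ / || / $/   { n++; next }
        !/^-----(BEGIN|END) / && / /   { n++ }
        END { print n + 0 }
    ' "$1"
}

# Write a cleaned copy to stdout: CRs and tabs removed, lines trimmed, blank
# lines dropped, spaces removed from body lines only.
pem_normalize() {
    awk '
        { gsub(/\r/, ""); gsub(/\t/, ""); sub(/^ +/, ""); sub(/ +$/, "") }
        /^$/                 { next }
        /^-----(BEGIN|END) / { print; next }
        { gsub(/ /, ""); print }
    ' "$1"
}

# Constructed sample: placeholder base64 text, CRLF line endings, stray spaces.
write_sample() {
    printf '%s\r\n' '-----BEGIN CERTIFICATE----- ' \
        'AAAABBBB CCCCDDDD' ' EEEEFFFF' \
        '-----END CERTIFICATE-----' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
echo "dirty lines before: $(pem_count_dirty_lines "$sample")"
pem_normalize "$sample" > "$sample.clean"
echo "dirty lines after:  $(pem_count_dirty_lines "$sample.clean")"
rm -f "$sample" "$sample.clean"
```

With the file names used on this page, `pem_normalize temp_commercial_ca.crt > commercial_ca.crt` takes the place of the tr line; then rerun zmcertmgr deploycrt.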