King0770-Notes-Input-not-an-X.509-certificate

On rare occasions, you may run into an issue installing a commercial SSL certificate.

Example...

$ /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate 'commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying 'commercial.crt' against 'commercial_ca.crt'
Valid certificate chain: commercial.crt: OK
** Copying 'commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
ERROR: cacerts keytool(-import -alias zcs-user-commercial_ca -noprompt -file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt) returned non-zero(1):
keytool error: java.lang.Exception: Input not an X.509 certificate

You have even verified the certificate against the CA chain, and that succeeds.

openssl verify -CAfile ./commercial_ca.crt ./mail.example.com.crt
./mail.example.com.crt: OK

Still, even manually adding the CA certificate to the keystore results in an error...

keytool -import -alias zcs-user-commercial_ca2 -noprompt -file commercial_ca.crt -keystore /opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts

keytool error: java.lang.Exception: Input not an X.509 certificate

Try filtering the certificate file to remove ALL whitespace.

mv commercial_ca.crt temp_commercial_ca.crt
tr -d ' ' < temp_commercial_ca.crt > commercial_ca.crt
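
A narrower cleanup, as an added example that is not from the original page: tr -d ' ' deletes every space in the file, including the one inside the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- marker lines, so this script strips only carriage returns, leading and trailing whitespace, blank lines and text outside the certificate blocks, then parses each block with openssl. The function names are hypothetical, and the sample bundle is constructed with placeholder base64 rather than real certificates.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of zmcertmgr.

# normalize_pem FILE: print a cleaned copy of a PEM certificate bundle.
#   - removes CR (Windows) line endings
#   - removes leading/trailing spaces and tabs on every line
#   - drops blank lines and any text outside BEGIN/END blocks
# The space inside the BEGIN/END CERTIFICATE marker lines is kept.
normalize_pem() {
    awk '
        { gsub(/\r/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^-----BEGIN CERTIFICATE-----$/ { inside = 1 }
        inside && length($0) > 0 { print }
        /^-----END CERTIFICATE-----$/ { inside = 0 }
    ' "$1"
}

# count_certs FILE: number of certificate blocks with a clean BEGIN marker.
count_certs() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { n++ } END { print n + 0 }' "$1"
}

# check_pem FILE: parse each block with openssl; non-zero on the first
# block that is not a valid X.509 certificate, or if there are no blocks.
check_pem() {
    tmpdir=$(mktemp -d) || return 1
    awk -v dir="$tmpdir" '
        /^-----BEGIN CERTIFICATE-----$/ { n++ }
        n { print > (dir "/cert" n ".pem") }
    ' "$1"
    rc=0
    for f in "$tmpdir"/cert*.pem; do
        [ -e "$f" ] || { rc=1; break; }
        openssl x509 -in "$f" -noout 2>/dev/null || { rc=1; break; }
    done
    rm -rf "$tmpdir"
    return "$rc"
}

# write_sample FILE: constructed messy bundle (placeholder base64, not real
# certificates) with CRLF endings, stray spaces, a blank line and a comment.
write_sample() {
    {
        printf '%s\r\n' '# intermediate CA' '-----BEGIN CERTIFICATE----- ' ' QUJD' ''
        printf '%s\r\n' '-----END CERTIFICATE-----'
        printf '%s\n' '-----BEGIN CERTIFICATE-----' '  REVG  ' '-----END CERTIFICATE-----'
    } > "$1"
}
```

With the page's file names, run `normalize_pem temp_commercial_ca.crt > commercial_ca.crt` and then `check_pem commercial_ca.crt` before retrying the keytool import.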