We have been supplied with a Certificate Authority (CA) signed certificate.
When running Sslconfig, we enter all the information and then are presented with the following error:
Waiting for caperfcenter_sso to stop... Process has stopped
Waiting for caperfcenter_console to stop... Process has stopped
Performing: Certificate changes
The step failed to run: java.security.InvalidKeyException: IOException : DER input, Integer tag error
Reverting: Certificate changes
When you receive a cert package, you need to generate the public key using this syntax:
openssl pkcs12 -in /tmp/<filename>.pfx -nocerts -out /tmp/<filename>-key.pem
But the SslConfig script was written using pkcs8, and it cannot read into the newer pkcs12 encoded key file.
This will be fixed in a future release.
Use SslConfig to set up self-signed cert and then convert the self-signed cert to the CA issued cert using the docs and this command:
keytool -importkeystore -destkeystore keystore -srckeystore keystore.pkcs12 -srcalias <aliasname> -destalias <aliasname> -trustcacerts -srcstoretype pkcs12
fixed in 3.7.4:
Symptom: SslConfig could not import key or certificate from a PKCS12 file.
Resolution: With this fix, SslConfig does allow to import key and certificate from a PKCS12 file.
(3.7.4, DE417649, 01358678)