Error Configuring SSL with SslConfig

book

Article ID: 132138

calendar_today

Updated On:

Products

CA Infrastructure Management CA Infrastructure Management CA Performance Management - Usage and Administration

Issue/Introduction

We have been supplied with a Certificate Authority (CA) signed certificate.  
When running Sslconfig, we enter all the information and then are presented with the following error:
Waiting for caperfcenter_sso to stop... Process has stopped
Waiting for caperfcenter_console to stop... Process has stopped
Performing: Certificate changes
        The step failed to run: java.security.InvalidKeyException: IOException : DER input, Integer tag error
 
Reverting: Certificate changes

Cause

When you receive a cert package, you need to generate the public key using this syntax:
openssl pkcs12 -in /tmp/<filename>.pfx -nocerts -out /tmp/<filename>-key.pem
 
But the SslConfig script was written using pkcs8, and it cannot read into the newer pkcs12 encoded key file.

This will be fixed in a future release.

Environment

CAPC 3.7

Resolution

Use SslConfig to set up self-signed cert and then convert the self-signed cert to the CA issued cert using the docs and this command:
keytool -importkeystore -destkeystore keystore -srckeystore keystore.pkcs12 -srcalias <aliasname> -destalias <aliasname> -trustcacerts -srcstoretype pkcs12
 

Additional Information

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/performance-management/3-7/administrating/single-sign-on/set-up-https/enable-performance-center-to-use-ssl-manually.html

fixed in 3.7.4:

Symptom: SslConfig could not import key or certificate from a PKCS12 file.
Resolution: With this fix, SslConfig does allow to import key and certificate from a PKCS12 file.
(3.7.4, DE417649, 01358678)