search cancel

Error Configuring SSL with SslConfig


Article ID: 132138


Updated On:


CA Infrastructure Management CA Performance Management - Usage and Administration


We have been supplied with a Certificate Authority (CA) signed certificate.  
When running Sslconfig, we enter all the information and then are presented with the following error:
Waiting for caperfcenter_sso to stop... Process has stopped
Waiting for caperfcenter_console to stop... Process has stopped
Performing: Certificate changes
        The step failed to run: IOException : DER input, Integer tag error
Reverting: Certificate changes


CAPC 3.7


When you receive a cert package, you need to generate the public key using this syntax:
openssl pkcs12 -in /tmp/<filename>.pfx -nocerts -out /tmp/<filename>-key.pem
But the SslConfig script was written using pkcs8, and it cannot read into the newer pkcs12 encoded key file.

This will be fixed in a future release.


Use SslConfig to set up self-signed cert and then convert the self-signed cert to the CA issued cert using the docs and this command:
keytool -importkeystore -destkeystore keystore -srckeystore keystore.pkcs12 -srcalias <aliasname> -destalias <aliasname> -trustcacerts -srcstoretype pkcs12

Additional Information

fixed in 3.7.4:

Symptom: SslConfig could not import key or certificate from a PKCS12 file.
Resolution: With this fix, SslConfig does allow to import key and certificate from a PKCS12 file.
(3.7.4, DE417649, 01358678)