Cannot import HTTPS/TLS certificates into Messaging Gateway due to invalid links (URI) in the certificate

book

Article ID: 160821

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Cannot import HTTPS/TLS certificates into Messaging Gateway due to invalid links (URI) in the certificate

X509v3 CRL Distribution Points: critical 
Full Name: 
URI:file://C:\Windows\system32\CertSrv\CertEnroll\C:\Windows\system32\unknown8.crl
URI:https://pki.csrboge.corp/C:/Windows/system32/unknown8.crl 


Symantec Messaging Gateway logs may also show the following events: 

May 08, 2014 8:37:54 AM org.apache.coyote.AbstractProtocol init 
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"] 
java.io.IOException: java.io.IOException: invalid URI name:file://C:\Windows\system32\CertSrv\CertEnroll\C:\Windows\system32\unknown8.crl
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:475)

URISyntaxException: Illegal character in authority at index 7: file://C:\Windows\system32\CertSrv\CertEnroll\C:\Windows\system32\unknown8.crl

Cause

Unique Resource Identifier (URI) excessive length or invalid syntax

Resolution

Symantec Messaging Gateway does not accept certificates that may have exceedingly long URI fields or containing invalid characters.

In order to resolve the problem, a new certificate should be generated without the offending URI links.