Unable to attach private key to certificate. Length of the data to decrypt is invalid.

Article ID: 175521

Products

IT Management Suite

Issue/Introduction

The customer reported an issue while trying to update or refresh the "Certificate Management" page (under SMP Console > Settings > All Settings > Notification Server). A red "X" is displayed on top of the "SMA local proxy certificate".

The NS logs showed errors like this one:

Entry 1:

Unable to attach private key to certificate.

Length of the data to decrypt is invalid.
   [System.Security.Cryptography.CryptographicException @ mscorlib]
   at System.Security.Cryptography.CryptoAPITransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
   at System.IO.Stream.Close()
   at Altiris.NS.Utilities.BasicCrypto.Decrypt(Byte[] encryptedData, SymmetricKeyInfo keyInfo)
   at Altiris.NS.Utilities.BasicCrypto.DecryptStringFromBase64String(String encryptedData, SymmetricKeyInfo keyInfo)
   at Altiris.Resource.StandardResources.DigitalCertificate.AttachPrivateKey(String sPrivateKeyContent)

Unable to attach private key to certificate.

Length of the data to decrypt is invalid.
   [System.Security.Cryptography.CryptographicException @ mscorlib]
   at System.Security.Cryptography.CryptoAPITransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
   at System.IO.Stream.Close()
   at Altiris.NS.Utilities.BasicCrypto.Decrypt(Byte[] encryptedData, SymmetricKeyInfo keyInfo)
   at Altiris.NS.Utilities.BasicCrypto.DecryptStringFromBase64String(String encryptedData, SymmetricKeyInfo keyInfo)
   at Altiris.Resource.StandardResources.DigitalCertificate.AttachPrivateKey(String sPrivateKeyContent)

Exception logged from:
   at Altiris.Resource.StandardResources.DigitalCertificate.AttachPrivateKey(String)
   at Altiris.Resource.StandardResources.DigitalCertificate.EnsureInitialized()
   at Altiris.NS.StandardItems.CertificateConfiguration.CertificateDetails..ctor(Altiris.Resource.StandardResources.DigitalCertificate)
   at Altiris.NS.StandardItems.CertificateConfiguration.NSCertificateConfigurationItem.GetCertificateDetails(System.Guid, Int32, System.Guid)
   at Altiris.NS.StandardItems.CertificateConfiguration.NSCertificateConfigurationItem.GetDetails(System.Guid, System.Collections.Specialized.NameValueCollection)
   at Altiris.Web.NS.Services.GetItemDetails.ProcessRequest(System.Web.HttpContext)
   at System.Web.HttpApplication+CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStepImpl(System.Web.HttpApplication+IExecutionStep)
   at System.Web.HttpApplication.ExecuteStep(System.Web.HttpApplication+IExecutionStep, Boolean&)
   at System.Web.HttpApplication+PipelineStepManager.ResumeSteps(Exception)
   at System.Web.HttpApplication.BeginProcessRequestNotification(System.Web.HttpContext, AsyncCallback)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(System.Web.Hosting.IIS7WorkerRequest, System.Web.HttpContext)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr, System.Web.RequestNotificationStatus&)
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr, System.Web.RequestNotificationStatus&)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)

HTTP [GET]: https://mySMP.YourDomain.com/Altiris/NS/GetItemDetails.aspx?ItemGuid=e923e00f-cc91-4b9e-a06c-73d07cf22c3f&ResourceGuid=2764fdb2-0338-4770-95d9-aff3a120ca1f&Port=-1&DetailsProvider=4e4ff680-078a-47dc-9928-23cb833145d0
 ip: [10.16.169.44]; languages: [en-US];
 response: [200 OK]; x-smp-nsversion: [8.5.4249.0];

-----------------------------------------------------------------------------------------------------
Date: 7/24/2019 12:27:48 PM, Tick Count: 180912593 (2.02:15:12.5930000), Size: 3.38 KB
Process: w3wp (21052), Thread ID: 1489, Module: Altiris.Resource.dll
Priority: 1, Source: Altiris.Resource.StandardResources.DigitalCertificate.AttachPrivateKey

 

Environment

ITMS 8.5

Cause

This is a Microsoft issue caused by problems encrypting/decrypting.

Resolution

If the suggestions in TECH255317 or TECH255621 about providing Full Control permissions to your Application Identity account didn't help, please try the following:

  1. Go to the "Certificate Management" page (under SMP Console > Settings > All Settings > Notification Server).
  2. Select "SMA local proxy certificate" and click "Renew" on the top menu.
  3. Follow the prompts on the "Confirm certificate replacement" page to recreate this certificate with the proper encryption.