search cancel

Error when importing SSL certificate to CAPC

book

Article ID: 203241

calendar_today

Updated On:

Products

CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

We are updating our existing CAPC SSL cert before it expires.

After importing the new signed cert and key into the keystore, we use SsoConfig to import it.

After being prompted to enter the keyfile, we get an error:

java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big

Environment

Release : 20.x

Component : IM Reporting / Admin / Configuration

Cause

If a cert is in pkcs12 format we require a specific extension to identify that for SsoConfig.

Resolution

In order to allow SsoConfig to recognize that you are using pkcs12 format files, please make sure to give the signed cert and the keyfile one of these extensions:

“p12”, “pfx”, “pkcs12”

Otherwise, we assume it is pkcs8 format and will throw an error when you try to import them.

Note - we will accept one file with both the key and signed cert inside.

Additional Information

https://knowledge.broadcom.com/external/article/132138/