search cancel

Error when importing SSL certificate to CAPC


Article ID: 203241


Updated On:


CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps


We are updating our existing CAPC SSL cert before it expires.

After importing the new signed cert and key into the keystore, we use SsoConfig to import it.

After being prompted to enter the keyfile, we get an error: IOException : DerInputStream.getLength(): lengthTag=58, too big


Release : 20.x

Component : IM Reporting / Admin / Configuration


If a cert is in pkcs12 format we require a specific extension to identify that for SsoConfig.


In order to allow SsoConfig to recognize that you are using pkcs12 format files, please make sure to give the signed cert and the keyfile one of these extensions:

“p12”, “pfx”, “pkcs12”

Otherwise, we assume it is pkcs8 format and will throw an error when you try to import them.

Note - we will accept one file with both the key and signed cert inside.

Additional Information