When attempting to configure SSL using SslConfig we see the following error:
Performing: Certificate changes
The step failed to run: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.
In the SslConfig.log we see:
DEBUG | YYYY-MM-DD HH:MM:SS,### | com.ca.im.portal.sslConfig.impl.config.configsteps.CertificateStep | Step failed
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:252)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
at com.ca.im.portal.sslConfig.impl.config.configsteps.CertificateStep.loadKey(CertificateStep.java:235)
at com.ca.im.portal.sslConfig.impl.config.configsteps.CertificateStep.performStep(CertificateStep.java:124)
at com.ca.im.portal.sslConfig.impl.config.ConfigStep.performConfigurationStep(ConfigStep.java:37)
at com.ca.im.portal.sslConfig.impl.app.SslConfiguration.performConfiguration(SslConfiguration.java:116)
at com.ca.im.portal.sslConfig.impl.app.SslConfiguration.configurePerformanceCenterForSSL(SslConfiguration.java:70)
at com.ca.im.portal.sslConfig.impl.app.SslConfigUtility.configureSSL(SslConfigUtility.java:267)
at com.ca.im.portal.sslConfig.impl.app.SslConfigUtility.showMainMenu(SslConfigUtility.java:196)
at com.ca.im.portal.sslConfig.impl.app.SslConfigUtility.run(SslConfigUtility.java:65)
at com.ca.im.portal.sslConfig.impl.SslConfig.main(SslConfig.java:57)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.zerog.lax.LAX.launch(Unknown Source)
at com.zerog.lax.LAX.main(Unknown Source)
Caused by: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:130)
at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:80)
at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:357)
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:248)
Release : 20.2
Component : PM Portal Administration
The PEM formatted private key is in encrypted PKCS1 format and needs to be in unencrypted PKCS8 format.
Example of the top of a private key in this format that needs to be converted:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0C9918A41BC12383CCC1F4E266F88AD2
Ib0Vjl1VgtMdRLocV4htT0TBmhZNsVD3Lkg8JteLADANQuJuYvUvWstpOfFet8mv
nv1k3hHMqL+qhcXAwYKE5UXBqLLvMlRO0d9VtKn5Ydwf8DPNSdGekfKmz1N4S6Eo
686VU8ZB9OX/834PJi9ZPIENHYBp3/sIVPlyFSDDk6oQN6MSAybjmeVQ6fCGEByG
~~~~~~~~~SNIP~~~~~~~
To convert from encrypted PKCS1 format to unencrypted PKCS8 format run:
openssl pkcs8 -in ORIGINALKEYFILE -topk8 -out NEWKEYFILE -nocrypt
Then point to the new NEWKEYFILE when prompted for the key in SslConfig.
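
To check which format a key file is in before or after the conversion, the PEM header lines can be inspected. The script below is an added example, not part of SslConfig or the original article; the function names pem_key_format and needs_conversion and the sample key body are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a PEM private key file by its header lines.
# pem_key_format FILE prints one of:
#   pkcs8-unencrypted | pkcs8-encrypted | pkcs1-encrypted | pkcs1-unencrypted | unknown
pem_key_format() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "unreadable"; return 2; }
    # The first PEM BEGIN line decides the container type (CR stripped for CRLF files).
    header=$(sed -n '/^-----BEGIN .*-----/{p;q;}' "$keyfile" | tr -d '\r')
    case $header in
        '-----BEGIN PRIVATE KEY-----')
            echo "pkcs8-unencrypted" ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----')
            echo "pkcs8-encrypted" ;;
        '-----BEGIN RSA PRIVATE KEY-----')
            # Traditional (PKCS1) keys mark encryption with a Proc-Type header line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$keyfile"; then
                echo "pkcs1-encrypted"
            else
                echo "pkcs1-unencrypted"
            fi ;;
        *)
            echo "unknown" ;;
    esac
}

# needs_conversion FILE: exit status 0 when the key is anything other than
# unencrypted PKCS8, the format the article says SslConfig needs.
needs_conversion() {
    [ "$(pem_key_format "$1")" != "pkcs8-unencrypted" ]
}

# Demo on a constructed sample shaped like the key header shown above (not a real key).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sample.key" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

CONSTRUCTEDSAMPLEBODYNOTAREALKEY
-----END RSA PRIVATE KEY-----
EOF
if needs_conversion "$demo_dir/sample.key"; then
    echo "sample.key is $(pem_key_format "$demo_dir/sample.key"): convert it with openssl pkcs8 -topk8 -nocrypt"
fi
rm -rf "$demo_dir"
```

openssl prompts for the original key's passphrase during the conversion. Because NEWKEYFILE is written without a passphrase, restrict its file permissions (for example chmod 600) to the account that runs SslConfig.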