search cancel

Error when using SslConfig to set up SSL on the DX Netops Portal

book

Article ID: 239783

calendar_today

Updated On:

Products

DX NetOps CA Performance Management - Usage and Administration

Issue/Introduction

When attempting to configure SSL using SslConfig we see the following error:

Performing: Certificate changes
        The step failed to run: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.

In the SslConfig.log we see:


DEBUG | YYYY-MM-DD HH:MM:SS,### | com.ca.im.portal.sslConfig.impl.config.configsteps.CertificateStep | Step failed
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.
 at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:252)
 at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
 at com.ca.im.portal.sslConfig.impl.config.configsteps.CertificateStep.loadKey(CertificateStep.java:235)
 at com.ca.im.portal.sslConfig.impl.config.configsteps.CertificateStep.performStep(CertificateStep.java:124)
 at com.ca.im.portal.sslConfig.impl.config.ConfigStep.performConfigurationStep(ConfigStep.java:37)
 at com.ca.im.portal.sslConfig.impl.app.SslConfiguration.performConfiguration(SslConfiguration.java:116)
 at com.ca.im.portal.sslConfig.impl.app.SslConfiguration.configurePerformanceCenterForSSL(SslConfiguration.java:70)
 at com.ca.im.portal.sslConfig.impl.app.SslConfigUtility.configureSSL(SslConfigUtility.java:267)
 at com.ca.im.portal.sslConfig.impl.app.SslConfigUtility.showMainMenu(SslConfigUtility.java:196)
 at com.ca.im.portal.sslConfig.impl.app.SslConfigUtility.run(SslConfigUtility.java:65)
 at com.ca.im.portal.sslConfig.impl.SslConfig.main(SslConfig.java:57)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at com.zerog.lax.LAX.launch(Unknown Source)
 at com.zerog.lax.LAX.main(Unknown Source)
Caused by: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.
 at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351)
 at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
 at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:130)
 at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:80)
 at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:357)
 at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:248)

 

Cause

The PEM formatted private key is in encrypted PKCS1 format and needs to be in unencrypted PKCS8 format.

Example of top of private key in this format that needs o e converted:


-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0C9918A41BC12383CCC1F4E266F88AD2

Ib0Vjl1VgtMdRLocV4htT0TBmhZNsVD3Lkg8JteLADANQuJuYvUvWstpOfFet8mv
nv1k3hHMqL+qhcXAwYKE5UXBqLLvMlRO0d9VtKn5Ydwf8DPNSdGekfKmz1N4S6Eo
686VU8ZB9OX/834PJi9ZPIENHYBp3/sIVPlyFSDDk6oQN6MSAybjmeVQ6fCGEByG
~~~~~~~~~SNIP~~~~~~~

Environment

Release : 20.2

Component : PM Portal Administration

Resolution

To convert from encrypted PCKS1 format to unencrypted PKCS8 format run:

openssl pkcs8 -in ORIGNALKEYFILE -topk8 -out NEWKEYFILE -nocrypt

Then point to the new the NEWKEYFILE when prompted for the key in SslConfig.