When attempting to configure SSL using SslConfig we see the following error:
Performing: Certificate changes
The step failed to run: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.
In the SslConfig.log we see:
DEBUG | YYYY-MM-DD HH:MM:SS,### | com.ca.im.portal.sslConfig.impl.config.configsteps.CertificateStep | Step failed
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:252)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
at com.ca.im.portal.sslConfig.impl.config.configsteps.CertificateStep.loadKey(CertificateStep.java:235)
at com.ca.im.portal.sslConfig.impl.config.configsteps.CertificateStep.performStep(CertificateStep.java:124)
at com.ca.im.portal.sslConfig.impl.config.ConfigStep.performConfigurationStep(ConfigStep.java:37)
at com.ca.im.portal.sslConfig.impl.app.SslConfiguration.performConfiguration(SslConfiguration.java:116)
at com.ca.im.portal.sslConfig.impl.app.SslConfiguration.configurePerformanceCenterForSSL(SslConfiguration.java:70)
at com.ca.im.portal.sslConfig.impl.app.SslConfigUtility.configureSSL(SslConfigUtility.java:267)
at com.ca.im.portal.sslConfig.impl.app.SslConfigUtility.showMainMenu(SslConfigUtility.java:196)
at com.ca.im.portal.sslConfig.impl.app.SslConfigUtility.run(SslConfigUtility.java:65)
at com.ca.im.portal.sslConfig.impl.SslConfig.main(SslConfig.java:57)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.zerog.lax.LAX.launch(Unknown Source)
at com.zerog.lax.LAX.main(Unknown Source)
Caused by: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:130)
at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:80)
at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:357)
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:248)
The PEM formatted private key is in encrypted PKCS1 format and needs to be in unencrypted PKCS8 format.
Example of top of private key in this format that needs o e converted:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0C9918A41BC12383CCC1F4E266F88AD2
Ib0Vjl1VgtMdRLocV4htT0TBmhZNsVD3Lkg8JteLADANQuJuYvUvWstpOfFet8mv
nv1k3hHMqL+qhcXAwYKE5UXBqLLvMlRO0d9VtKn5Ydwf8DPNSdGekfKmz1N4S6Eo
686VU8ZB9OX/834PJi9ZPIENHYBp3/sIVPlyFSDDk6oQN6MSAybjmeVQ6fCGEByG
~~~~~~~~~SNIP~~~~~~~
Release : 20.2
Component : PM Portal Administration
To convert from encrypted PCKS1 format to unencrypted PKCS8 format run:
openssl pkcs8 -in ORIGNALKEYFILE -topk8 -out NEWKEYFILE -nocrypt
Then point to the new the NEWKEYFILE when prompted for the key in SslConfig.