Importing a certificate into UVMS is failing: The file is not a valid X.509 Certificate
Article ID: 434256
Updated On:
Products
Issue/Introduction
When attempting to import a server certificate into Univiewer Management Server (UVMS) using the unissl command-line tool, the operation fails.
Actual Behavior: The import process terminates with the following error output:
<UVMS>\app\bin>unissl import -type SERVERCERT -file "D:\certificate\cert.pem" -pwd <password>
Init log4j from:<UVMS>/data/log4j2.xml
The file is not a valid X.509 Certificate nor a valid Certificate Chain
Expected Behavior: The certificate should import successfully without throwing formatting errors.
Environment
Product: Univiewer Management Server (UVMS)
Version: v7.x
Cause
This error is triggered by incorrect formatting within the .pem certificate file. Specifically, when the file contains a certificate chain, the boundary markers between two certificates have been improperly concatenated onto the exact same line, separated by a tab space instead of a line break.
If you view the middle of the .pem file, it looks like this:
Because these markers are not on separate lines, the unissl utility cannot properly parse the beginning and end of the individual certificates.
Resolution
To resolve this issue, you must correct the formatting of the certificate file manually.
Open the problematic certificate file (e.g.,
cert.pem) in a plain text editor (such as Notepad or Notepad++).Locate the line where the two certificate markers are merged:
-----END CERTIFICATE----- -----BEGIN CERTIFICATE-----Insert a line break (press Enter) immediately after the first certificate ends, so that the markers sit on separate, consecutive lines like this:
Plaintext-----END CERTIFICATE----- -----BEGIN CERTIFICATE-----Save the changes to the file.
Run the
unissl importcommand again. The certificate should now import successfully.
Feedback
