Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zwe init w/java 17: Input not an X.509 certificate #3977

Open
dkelosky opened this issue Sep 4, 2024 · 1 comment
Open

zwe init w/java 17: Input not an X.509 certificate #3977

dkelosky opened this issue Sep 4, 2024 · 1 comment

Comments

@dkelosky
Copy link

dkelosky commented Sep 4, 2024
edited
Loading

This seems similar to #3329. When using zwe init with java version "17.0.11" 2024-04-16 I get (using pax zowe-2.18.0.pax:

Warning ZWEL0300W: Keystore "/u/users/dkelosky/zowe/keystore/localhost/localhost.keystore.p12" already exists. This keystore will be overwritten during configuration.
>>>> Generate certificate "localhost" in the keystore localhost:
>>>> Generate CSR for the certificate "localhost" in the keystore "localhost":
>>>> Sign the CSR using the Certificate Authority "local_ca":
>>>> Import the Certificate Authority "local_ca" to the keystore "localhost":
  * Exit code: 1
  * Output:
    keytool error: java.lang.Exception: Input not an X.509 certificate
    java.lang.Exception: Input not an X.509 certificate
        at java.base/sun.security.tools.keytool.Main.addTrustedCert(Main.java:3342)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1236)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:428)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:421)
>>>> Import the Certificate Authority "local_ca" to the truststore "localhost":
  * Exit code: 1
  * Output:
    keytool error: java.lang.Exception: Input not an X.509 certificate
    java.lang.Exception: Input not an X.509 certificate
        at java.base/sun.security.tools.keytool.Main.addTrustedCert(Main.java:3342)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1236)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:428)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:421)
>>>> Import the signed CSR to the keystore "localhost":
  * Exit code: 1
  * Output:
    keytool error: java.lang.Exception: Failed to establish chain from reply
    java.lang.Exception: Failed to establish chain from reply
        at java.base/sun.security.tools.keytool.Main.establishCertChain(Main.java:4138)
        at java.base/sun.security.tools.keytool.Main.installReply(Main.java:3301)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1225)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:428)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:421)
Error ZWEL0169E: Failed to create certificate "localhost".

Using scenario 1:

    # >>>> Certificate setup scenario 1
    # PKCS12 (keystore) with Zowe generate certificates.
    certificate:
      # Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS
      type: PKCS12
      pkcs12:
        # **COMMONLY_CUSTOMIZED**
        # Keystore directory
        directory: /u/users/dkelosky/zowe/keystore
        # # Lock the keystore directory to only accessible by Zowe runtime user and group.
        # lock: true
        # **COMMONLY_CUSTOMIZED**
        # # Certificate alias name. Optional, default value is localhost.
        # # Note: please use all lower cases as alias.
        # name: localhost
        # **COMMONLY_CUSTOMIZED**
        # # Keystore password. Optional, default value is password.
        # password: password
        # **COMMONLY_CUSTOMIZED**
        # # Alias name of self-signed certificate authority. Optional, default value is local_ca.
        # # Note: please use all lower cases as alias.
        # caAlias: local_ca
        # **COMMONLY_CUSTOMIZED**
        # # Password of keystore stored self-signed certificate authority. Optional, default value is local_ca_password.
        # caPassword: local_ca_password
      # # Distinguished name for Zowe generated certificates. All optional.
      # dname:
      #   caCommonName: ""
      #   commonName: ""
      #   orgUnit: ""
      #   org: ""
      #   locality: ""
      #   state: ""
      #   country: ""
      # # Validity days for Zowe generated certificates
      # validity: 3650
      # # Domain names and IPs should be added into certificate SAN
      # # If this field is not defined, `zwe init` command will use
      # # `zowe.externalDomains`.
      # san:
      #   # sample domain name
      #   - dvipa.my-company.com
      #   # sample IP address
      #   - 12.34.56.78
@dkelosky dkelosky mentioned this issue Sep 6, 2024
Open
@JoeNemo
Copy link
Contributor

JoeNemo commented Sep 11, 2024

@1000TurquoisePogs, for your input, please?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dkelosky @JoeNemo