IBM Security Guardium: Unable to Install Certificates Provided by CA

Troubleshooting

Problem

You are trying to install certificates using cli 'store certificate gim console' (or similar for sniffer) and you get a response similar to: [] unable to load certificate 139873696147272:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN: wrong tag:tasn_dec.c:1345: 139873696147272:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I: nested asn1 error:tasn_dec.c:393:Type=X509_CINF 139873696147272:error:0D08303A:asn1 encoding routines: ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:777: Field=cert_info, Type=X509 139873696147272:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib: pem_oth.c:83: Can not get the certificate. err []

Symptom

You can read/view the certificate in Windows Certificate Tool.

You cannot view the certificate using the Open SSL command:

openssl x509 -in sniffcertnew1 -text -noout

You get the same error as when you tried to import it.

Cause

The certificate is corrupt and not in the PEM format that Guardium requires.

Resolving The Problem

1. Convert the certificate using this command:

openssl pkcs7 -print_certs -in <originalCertificate> -out <newCertificate>

2. Use the <newCertificate> text for import with CLI.

Note: Now you can view the certificate with the -text -noout command.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Appliances","Platform":[{"code":"PF016","label":"Linux"}],"Version":"10.0.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

IBM Security Guardium: Unable to Install Certificates Provided by CA

Troubleshooting

Problem

Symptom

Cause

Resolving The Problem

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?