How To
Summary
SSL certificate issues can be hard to determine and fix. This document aims to bring together various documents to provide a single place to start working from when faced with SSL-related problems in IBM Security SOAR.
Steps
keytool error (likely untranslated): java.security.cert.CertificateException: Unable to initialize, java.io.IOException: insufficient data
keytool error (likely untranslated): java.security.cert.CertificateException: Unable to initialize, java.io.IOException: Short read of DER length
keytool error (likely untranslated): java.security.cert.CertificateException: Fail to parse input stream
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
"Certificate reply does not contain public key for <co3>" "Failed to establish chain from reply"
Print the md5 hash of the SSL Certificate modulus:
openssl x509 -noout -modulus -in CERTIFICATE.crt | openssl md5
Print the md5 hash of the CSR modulus:
openssl req -noout -modulus -in CSR.csr | openssl md5
Print the md5 hash of the Private Key modulus:
openssl rsa -noout -modulus -in PRIVATEKEY.key | openssl md5
keytool -printcert -rfc -sslserver {server}:<port> > cacerts.pem
openssl s_client -connect {server}:<port> -showcerts
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
openssl x509 -in cacerts.pem -text -noout
keytool -printcert -v -file cacerts.pem
Additional Information
Related Information
IBM Resilient Circuits fails to connect to IBM Resilient due to an expired cert…
IBM Resilient users cannot login due to an expired Active Directory SSL certifi…
How can I extract my private key from IBM Resilient?
How to generate a new self-signed SSL certificate for use with Resilient Circui…
STOMP errors after importing a new SSL certificate in to IBM Resilient
Failed to start Resilient server due to "Keystore was tampered with, or passwor…
Public keys in reply and keystore don't match
How to Import Untrusted Certificates Into Resilient
Problems importing an SSL certificate signed using a signature algorithm that i…
"Could not convert socket to TLS" when configuring IBM Security QRadar SOAR to …
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
10 October 2023
UID
ibm16322097