zwe init w/java 17: Input not an X.509 certificate #3977

Open
dkelosky opened this issue Sep 4, 2024 · 3 comments


dkelosky commented Sep 4, 2024

This seems similar to #3329. When using zwe init with java version "17.0.11" 2024-04-16 I get (using pax zowe-2.18.0.pax):

    Warning ZWEL0300W: Keystore "/u/users/dkelosky/zowe/keystore/localhost/localhost.keystore.p12" already exists. This keystore will be overwritten during configuration.
    >>>> Generate certificate "localhost" in the keystore localhost:
    >>>> Generate CSR for the certificate "localhost" in the keystore "localhost":
    >>>> Sign the CSR using the Certificate Authority "local_ca":
    >>>> Import the Certificate Authority "local_ca" to the keystore "localhost":
      * Exit code: 1
      * Output:
        keytool error: java.lang.Exception: Input not an X.509 certificate
        java.lang.Exception: Input not an X.509 certificate
            at java.base/sun.security.tools.keytool.Main.addTrustedCert(Main.java:3342)
            at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1236)
            at java.base/sun.security.tools.keytool.Main.run(Main.java:428)
            at java.base/sun.security.tools.keytool.Main.main(Main.java:421)
    >>>> Import the Certificate Authority "local_ca" to the truststore "localhost":
      * Exit code: 1
      * Output:
        keytool error: java.lang.Exception: Input not an X.509 certificate
        java.lang.Exception: Input not an X.509 certificate
            at java.base/sun.security.tools.keytool.Main.addTrustedCert(Main.java:3342)
            at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1236)
            at java.base/sun.security.tools.keytool.Main.run(Main.java:428)
            at java.base/sun.security.tools.keytool.Main.main(Main.java:421)
    >>>> Import the signed CSR to the keystore "localhost":
      * Exit code: 1
      * Output:
        keytool error: java.lang.Exception: Failed to establish chain from reply
        java.lang.Exception: Failed to establish chain from reply
            at java.base/sun.security.tools.keytool.Main.establishCertChain(Main.java:4138)
            at java.base/sun.security.tools.keytool.Main.installReply(Main.java:3301)
            at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1225)
            at java.base/sun.security.tools.keytool.Main.run(Main.java:428)
            at java.base/sun.security.tools.keytool.Main.main(Main.java:421)
    Error ZWEL0169E: Failed to create certificate "localhost".

Using scenario 1:

    # >>>> Certificate setup scenario 1
    # PKCS12 (keystore) with Zowe generate certificates.
    certificate:
      # Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS
      type: PKCS12
      pkcs12:
        # **COMMONLY_CUSTOMIZED**
        # Keystore directory
        directory: /u/users/dkelosky/zowe/keystore
        # # Lock the keystore directory to only accessible by Zowe runtime user and group.
        # lock: true
        # **COMMONLY_CUSTOMIZED**
        # # Certificate alias name. Optional, default value is localhost.
        # # Note: please use all lower cases as alias.
        # name: localhost
        # **COMMONLY_CUSTOMIZED**
        # # Keystore password. Optional, default value is password.
        # password: password
        # **COMMONLY_CUSTOMIZED**
        # # Alias name of self-signed certificate authority. Optional, default value is local_ca.
        # # Note: please use all lower cases as alias.
        # caAlias: local_ca
        # **COMMONLY_CUSTOMIZED**
        # # Password of keystore stored self-signed certificate authority. Optional, default value is local_ca_password.
        # caPassword: local_ca_password
      # # Distinguished name for Zowe generated certificates. All optional.
      # dname:
      #   caCommonName: ""
      #   commonName: ""
      #   orgUnit: ""
      #   org: ""
      #   locality: ""
      #   state: ""
      #   country: ""
      # # Validity days for Zowe generated certificates
      # validity: 3650
      # # Domain names and IPs should be added into certificate SAN
      # # If this field is not defined, `zwe init` command will use
      # # `zowe.externalDomains`.
      # san:
      #   # sample domain name
      #   - dvipa.my-company.com
      #   # sample IP address
      #   - 12.34.56.78
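
A triage sketch for the log in the report above, added here as an example (not part of the original issue and not Zowe code): it parses the `>>>>` step markers and separates the first failing keytool step from the failures that come after it. It assumes a step printed without an `Exit code` line succeeded; `parse_steps` and `triage` are hypothetical names.

```python
import re

# Excerpt of the `zwe init` output quoted in the issue (stack frames trimmed).
SAMPLE_LOG = """\
>>>> Generate certificate "localhost" in the keystore localhost:
>>>> Generate CSR for the certificate "localhost" in the keystore "localhost":
>>>> Sign the CSR using the Certificate Authority "local_ca":
>>>> Import the Certificate Authority "local_ca" to the keystore "localhost":
  * Exit code: 1
  * Output:
    keytool error: java.lang.Exception: Input not an X.509 certificate
>>>> Import the Certificate Authority "local_ca" to the truststore "localhost":
  * Exit code: 1
  * Output:
    keytool error: java.lang.Exception: Input not an X.509 certificate
>>>> Import the signed CSR to the keystore "localhost":
  * Exit code: 1
  * Output:
    keytool error: java.lang.Exception: Failed to establish chain from reply
Error ZWEL0169E: Failed to create certificate "localhost".
"""

STEP = re.compile(r"^>>>> (.+?):\s*$")
EXIT = re.compile(r"^\s*\* Exit code: (\d+)")
KEYTOOL_ERR = re.compile(r"keytool error: \S+: (.+)$")

def parse_steps(log):
    """Return one dict per '>>>>' step with its exit code and keytool error."""
    steps = []
    for line in log.splitlines():
        if m := STEP.match(line):
            # Assumption: no "Exit code" line after a step means it succeeded.
            steps.append({"step": m.group(1), "exit": 0, "error": None})
        elif steps and (m := EXIT.match(line)):
            steps[-1]["exit"] = int(m.group(1))
        elif steps and steps[-1]["error"] is None and (m := KEYTOOL_ERR.search(line)):
            steps[-1]["error"] = m.group(1)
    return steps

def triage(log):
    """Split failed steps into the first failure and the ones that follow it."""
    failed = [s for s in parse_steps(log) if s["exit"] != 0]
    return (failed[0], failed[1:]) if failed else (None, [])

if __name__ == "__main__":
    root, later = triage(SAMPLE_LOG)
    print("first failure:", root["step"], "->", root["error"])
    for s in later:
        print("follows it:  ", s["step"], "->", s["error"])
```

On this log the first failure is the import of `local_ca` into the keystore, so the CA certificate input handed to keytool is the thing to inspect first. `Failed to establish chain from reply` is what keytool reports when it cannot link a certificate reply to an issuer certificate it already holds.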

JoeNemo commented Sep 11, 2024

@1000TurquoisePogs, for your input, please?


codezfire commented Oct 24, 2024

I am unable to regenerate the issue; maybe you are trying to overwrite the existing keystore.
Can you try a new path or rename the existing one to something else, and share the full YAML used?

@1000TurquoisePogs

@JoeNemo I don't have a lot to add.
Zowe v2 was initially only compatible with Java v8.
Zowe v3 is only compatible with Java v17.
I was told the latest versions of Zowe v2 are simultaneously compatible with v8 and v17, but this certificate code is maintained by the APIML squad, so I'm not overly familiar with it. I'm just assuming this could be a v8-v17 snag.
