On Linux, we are running this command:

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -config openssl.cnf -keyout mycompany.key -out mycompany.crt 

After posting this, I think the command we actually ran was probably this (but that puts the question into a different area, i.e. OpenAS2 instead of just certs and OpenSSL).

  cert import testcet /path/to/testcert.pfx passphrase

which results in this error:

org.openas2.WrappedException: java.security.cert.CertificateParsingException: signed fields invalid

I added a follow-up question specific to the "cert" command here:

OpenAS2 Cert Import gives error "Stream does not represent a PKCS12 key store"

The cert was created on Windows 2008/R2 in IIS, and exported as a .pfx file. I couldn't find any other way to export it. I've seen other posts say that a .pfx is not a cert, but contains extra info that must be imported into a store.

I'm working on the Windows side, and my colleague is trying to import on the Linux side for AS2 communication with Microsoft BizTalk.

NealWalters
  • The first line generates a self-signed certificate. How does that result in a Java error? Where does the cert that was created on the 2K8R2 and exported as a PFX fit in? You seem to have missed quite a large piece of the story out here. – garethTheRed Apr 28 '17 at 18:33
  • Sorry - I'm the middle man trying to interpret what the Linux guy is doing... It was actually the Open/AS2 "Cert" command (listed in comment below to Cory's answer) that he was running. – NealWalters Apr 28 '17 at 19:08

1 Answer

If I understand correctly, you currently have a PFX and are looking to import into a Linux machine. A PFX file is a Windows based file format for a password protected key and certificate bundle. It may also include the whole cert chain.

The OpenSSL command you should need is

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Give that a try and see if you get the same error.

Cory Knutson
  • Ran your command on the pfx and it created a .pem file that was "readable". His goal was then to import OpenAS2 cert store "cert import testcet /path/to/testcert.pem passphrase", and that got an error: org.openas2.WrappedException: java.io.IOException: stream does not represent a PKCS12 key store. And correction - originally it was the AS2/Open "cert" command that gave the java error - sorry. – NealWalters Apr 28 '17 at 19:04
  • I can post a new question about the Open AS2 issue, if that would be better. – NealWalters Apr 28 '17 at 19:09
  • I am sorry, I wanted to help with the OpenSSL part, but I am not familiar with Open AS2 – Cory Knutson Apr 28 '17 at 19:16
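
Added example (not part of the original question, answer or comments): the thread ends with a PEM file being handed to an import that reported "stream does not represent a PKCS12 key store", so this Python sketch checks which container format a file actually holds before it is imported. The function names and both sample inputs are constructed for illustration, and the check is a header heuristic, not a full ASN.1 parser.

```python
import re
import sys

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

# Constructed samples: the text shape written by `openssl pkcs12 ... -nodes`,
# and the first bytes of a DER PFX (SEQUENCE, INTEGER 3, ContentInfo with the
# pkcs7-data OID). Neither contains real key material.
SAMPLE_PEM = (b"Bag Attributes\n-----BEGIN CERTIFICATE-----\nAAAA\n"
              b"-----END CERTIFICATE-----\n-----BEGIN PRIVATE KEY-----\nAAAA\n"
              b"-----END PRIVATE KEY-----\n")
SAMPLE_PFX = bytes.fromhex("30820a00" "020103" "30820900" "06092a864886f70d010701")

def _der_header(buf, pos=0):
    """Return (tag, offset of the value) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length: one octet
        return tag, pos + 2
    return tag, pos + 2 + (first & 0x7F)   # long form: skip the length octets

def classify(data: bytes) -> str:
    """Best-effort guess at the container format of a cert/key file."""
    labels = [m.decode() for m in PEM_BLOCK.findall(data)]
    if labels:                             # text armor, e.g. the .pem from the answer
        return "PEM: " + ", ".join(labels)
    try:
        tag, inner = _der_header(data)
        if tag != 0x30:                    # DER objects of interest start with SEQUENCE
            return "unknown"
        first_tag, val = _der_header(data, inner)
        # PFX ::= SEQUENCE { version INTEGER (3), authSafe ContentInfo, ... }
        # The version is always encoded as 02 01 03, so the next tag follows it.
        if first_tag == 0x02 and data[val] == 3 and data[val + 1] == 0x30:
            return "DER PKCS#12 (.pfx/.p12)"
        return "other DER (not PKCS#12)"
    except IndexError:                     # truncated or empty input
        return "unknown"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "->", classify(fh.read()))
```

Run against the exported `.pfx` and the converted `.pem`, it reports the first as PKCS#12 and the second as PEM blocks, which shows at a glance which of the two files a PKCS#12 loader can accept.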