Pktool Fails To Import SHA1-hashed Certificates

(Doc ID 1637317.1)

Last updated on MARCH 19, 2014

Applies to:

Solaris SPARC Operating System - Version 10 5/08 U5 to 10 1/13 U11 [Release 10.0]
Information in this document applies to any platform.


The customer has trouble importing the certificate with pktool.

pktool fails to import SHA1-hashed certificates.
... exits with error:
libkmf error: KMF_ERR_ENCODING


# pktool import keystore=pkcs11 infile=/home/admin/csr/customnetcontrol.cer label=customnetcontrol
Error importing objects:
libkmf error: KMF_ERR_ENCODING
pktool -? (help and usage)


In one example, we noticed that the customer was using the .cer filename extension, so this file was likely created or copied on a PC system (Windows, DOS, ...), and this may indeed cause the problem here. DOS (Windows) and Unix encode the end of a line differently: the DOS syntax adds a control-M at the end of each line. The openssl command can deal with both file types, while the pktool command can only work with the correct Unix syntax. The cat -vet command may help reveal this issue.

If the customer sees these extra control-M (^M) characters in the output, they first need to convert the DOS-style file to the Unix style.
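
The check and conversion described above, as an added example that is not part of the original document. The function names and the sample file are hypothetical, and the PEM guard is an addition based on the assumption that a .cer file may also be binary DER, where deleting 0x0d bytes would corrupt the certificate.

```shell
#!/bin/sh
# Added example: find and remove DOS line endings in a PEM certificate
# before importing it with pktool. Function names are hypothetical.

CR=`printf '\015'`

# True if any line ends in a carriage return (shown as ^M$ by cat -vet).
has_crlf() {
    grep "${CR}\$" "$1" > /dev/null
}

# True if the file is PEM text. A .cer file may instead be binary DER.
is_pem() {
    grep 'BEGIN CERTIFICATE' "$1" > /dev/null
}

# Write a Unix-style copy of $1 to $2. Non-PEM input is refused with
# status 2, because deleting 0x0d bytes from DER data would corrupt it.
to_unix_eol() {
    is_pem "$1" || { echo "not PEM text, not converted: $1" >&2; return 2; }
    tr -d '\015' < "$1" > "$2"
}

# Constructed sample: placeholder body (not a real certificate), CRLF endings.
write_sample() {
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQgU0FNUExF' '-----END CERTIFICATE-----' > "$1"
}

# Usage: sh fix-eol.sh in.cer out.cer
if [ $# -eq 2 ]; then
    if has_crlf "$1"; then
        to_unix_eol "$1" "$2" && echo "converted $1 -> $2"
    else
        echo "no ^M line endings found in $1"
    fi
fi
```

After conversion, rerun the pktool import command with infile= pointing at the converted copy.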

