My Oracle Support Banner

Pktool Fails To Import SHA1-hashed Certificates (Doc ID 1637317.1)

Last updated on JANUARY 29, 2021

Applies to:

Solaris Operating System - Version 10 5/08 U5 to 10 1/13 U11 [Release 10.0]
Information in this document applies to any platform.


Cu has trouble importing the certificate to the pktool.

pktool fails to import SHA1-hashed certificates.
... exits with error:
libkmf error: KMF_ERR_ENCODING


# pktool import keystore=pkcs11 infile=/home/admin/csr/customnetcontrol.cer label=customnetcontrol
Error importing objects:
libkmf error: KMF_ERR_ENCODING
pktool -? (help and usage)


 One example, we noticed that the customer is using the .cer filename extension so this file was likely created or copied on a PC system (Windows, DOS, ...) and this may indeed cause the problem here.   DOS (Windows) and Unix are using different encodings of a line end and the DOS-syntax adds an control-M at the end of each line.   The openssl command can deal with both filetypes while the pktool command can only work with the correct Unix syntax.   cat -vet command may help reveal this issue.   

If the customer is seeing these extra ctontrol-M (^M) characters in the output then he first need to convert the DOS like file to the Unix style.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.