My Oracle Support Banner

Pktool Fails To Import SHA1-hashed Certificates (Doc ID 1637317.1)

Last updated on MARCH 19, 2014

Applies to:

Solaris SPARC Operating System - Version 10 5/08 U5 to 10 1/13 U11 [Release 10.0]
Information in this document applies to any platform.

Symptoms

Cu has trouble importing the certificate to the pktool.


pktool fails to import SHA1-hashed certificates.
... exits with error:
libkmf error: KMF_ERR_ENCODING

example:

# pktool import keystore=pkcs11 infile=/home/admin/csr/customnetcontrol.cer label=customnetcontrol
Error importing objects:
libkmf error: KMF_ERR_ENCODING
Usage:
pktool -? (help and usage)

Changes

 One example, we noticed that the customer is using the .cer filename extension so this file was likely created or copied on a PC system (Windows, DOS, ...) and this may indeed cause the problem here.   DOS (Windows) and Unix are using different encodings of a line end and the DOS-syntax adds an control-M at the end of each line.   The openssl command can deal with both filetypes while the pktool command can only work with the correct Unix syntax.   cat -vet command may help reveal this issue.   

If the customer is seeing these extra ctontrol-M (^M) characters in the output then he first need to convert the DOS like file to the Unix style.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.