Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Summary
ECC Certificates when used on Access Gateway with SP3 and higher generates an error when repushed.
Products
Access Manager (NAM)
Environment
Access Manager version 5 SP3
Access Manager version 5 SP4
Situation
After upgrade to SP3 or higher the ECC certificates seemed to be missing the keys, resulting in Apache not starting.
As a workaround the certificates have been restored from backup.
When an attempt is done to try and push a new ECC certificate to the Access Gateway, the script "/opt/novell/devman/jcc/conf/decryptSSLCert.sh" fails with the below error:
"Created encrypted file /etc/opt/novell/apache2/conf/clientcerts/test_ecc.pem Recreated encrypted file /opt/novell/apache2/certs/test_ecc.pem Error opening Private Key /opt/novell/apache2/certs//ssltemp/unencryptedkey.pem 139942802658960:error:02001002:system library:fopen:No such file or directory:bss_file.c:406:fopen('/opt/novell/apache2/certs//ssltemp/unencryptedkey.pem','r') 139942802658960:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:408: unable to load Private Key cat: /opt/novell/apache2/certs//ssltemp/encryptedkey.pem: No such file or directory 140457771075216:error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key:p_lib.c:287: cat: /opt/novell/apache2/certs//sslCerttemp/encryptedkey.pem: No such file or directory"
RSA certificates seems to work OK.
Cause
The script "opt/novell/devman/jcc/conf/decryptSSLCert.sh" is missing relevant entries for ECC certificates.
Resolution
This issue has been addressed to engineering.
URL Name
KM000016963