Wikis - Page

Knowledge Doc: ECC Certificates no longer working after upgrade to NAM version 5 SP3 or higher

0 Likes

Summary
ECC Certificates when used on Access Gateway with SP3 and higher generates an error when repushed.

Products
Access Manager (NAM)

Environment
Access Manager version 5 SP3
Access Manager version 5 SP4

Situation
After upgrade to SP3 or higher the ECC certificates seemed to be missing the keys, resulting in Apache not starting.

As a workaround the certificates have been restored from backup.
When an attempt is done to try and push a new ECC certificate to the Access Gateway, the script "/opt/novell/devman/jcc/conf/decryptSSLCert.sh" fails with the below error:

"Created encrypted file /etc/opt/novell/apache2/conf/clientcerts/test_ecc.pem Recreated encrypted file /opt/novell/apache2/certs/test_ecc.pem Error opening Private Key /opt/novell/apache2/certs//ssltemp/unencryptedkey.pem 139942802658960:error:02001002:system library:fopen:No such file or directory:bss_file.c:406:fopen('/opt/novell/apache2/certs//ssltemp/unencryptedkey.pem','r') 139942802658960:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:408: unable to load Private Key cat: /opt/novell/apache2/certs//ssltemp/encryptedkey.pem: No such file or directory 140457771075216:error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key:p_lib.c:287: cat: /opt/novell/apache2/certs//sslCerttemp/encryptedkey.pem: No such file or directory"


RSA certificates seems to work OK.

Cause
The script "opt/novell/devman/jcc/conf/decryptSSLCert.sh" is missing relevant entries for ECC certificates.

Resolution
This issue has been addressed to engineering.


Knowledge Base Article Link


URL Name
KM000016963

Labels:

Support Tips/Knowledge Docs
Comment List
Related
Recommended