Importing SSL certificates to OpenFire

Hi everyone,

As many people before me, I’m stuck with importing certificates and the dreaded “Supplied key (null) is not a RSAPrivateKey instance” error. I have an already signed, passwordless x509 RSA certificate that I use for my apache2 webserver. The validation chain is

myCert -> HS-HD -> DFN -> Telekom

The corresponding cert files are available from the main page of the DFN[1].

I first tried to install the certificate and key through the web interface, but I get a generic error “There was an error one importing private key and signed certificate”. I also tried to generate an x509 with password and import that, but I got the same error. I then tried to follow the official instructions from the SSL Guide[2], but as I did not generate the private keys internally, it wasn’t so useful. The next step was the guide from lovelysystems[3]: I converted my PEM files to DER files and manually imported them and the intermediate certificate files, and I get the dreaded “not a RSAPrivateKey” error. If I leave out the intermediate certificate file, the error goes away, but my certificate is shown as not signed in the web interface, as the certification chain is broken. The same happens to all connecting clients, although it does work (but an SSL connection without a certificate chain is as worthless as self-signed certs).

In my error.log, I see an error on the truststore (which I’m not using) and on the STUN-Server (java.net.UnknownHostException: CHOOSE).

So, in conclusion, any ideas why I get the error and how to get the client and the server to see the certificate chain?

Best Regards,

Lars

[1] https://info.pca.dfn.de/srh-hs-heidelberg-ca/

[2] http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ssl-guide.html

[3] http://www.lovelysystems.com/importing-an-existing-ssl-certificate-to-openfire/
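
The PEM-to-DER conversion step mentioned in the post above, as an added example in Python (not code from the post, Openfire, or the linked guides): it splits a PEM file into its blocks, reports what each label says about the key or certificate format, and returns the DER bytes. The `SAMPLE` bundle is constructed with placeholder payloads, and the function and variable names are this example's own.

```python
import base64
import re

# RFC 7468 textual encoding: -----BEGIN <label>----- base64 -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# What each PEM label says about the structure stored inside the block.
LABELS = {
    "CERTIFICATE": "X.509 certificate",
    "RSA PRIVATE KEY": "PKCS#1 RSA private key",
    "PRIVATE KEY": "PKCS#8 private key, unencrypted",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 private key, password-protected",
}

def pem_to_der(pem_text):
    """Return [(label, description, der_bytes)] for every block, in file order."""
    out = []
    for label, body in PEM_BLOCK.findall(pem_text):
        lines = body.splitlines()
        # Legacy OpenSSL encryption keeps the PKCS#1 label and adds header lines.
        legacy_enc = any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines)
        # Header lines contain ':'; base64 never does.
        b64 = "".join(l.strip() for l in lines if ":" not in l)
        der = base64.b64decode(b64, validate=True)
        # Unencrypted keys and certificates are DER SEQUENCEs (first byte 0x30).
        if not legacy_enc and der[:1] != b"\x30":
            raise ValueError(f"{label}: payload is not a DER SEQUENCE")
        desc = LABELS.get(label, "unrecognised label")
        if legacy_enc:
            desc += ", password-protected"
        out.append((label, desc, der))
    return out

# Constructed sample: a key followed by a leaf and one intermediate.
# The payload "MAMCAQA=" is a 5-byte placeholder, not a real key or certificate.
SAMPLE = """-----BEGIN PRIVATE KEY-----
MAMCAQA=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MAMCAQA=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MAMCAQA=
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    for i, (label, desc, der) in enumerate(pem_to_der(SAMPLE)):
        print(f"block {i}: {label} ({desc}), {len(der)} DER bytes")
```

Run against the real key and chain files, the output shows how many certificates each file holds, in what order, and which private key encoding is present before anything is imported into a keystore.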