powered by Jive Software

Problem importing SSL Private Key/Certificate pair

Hi folks,

I couldn’'t find anything regarding this specific error in either forums or out on the internet, so I figured it was time to register and ask… I am having a problem registering an SSL Private Key/Certificate pair that I have obtained from Verisign. I recieve this error message:

There was an error one importing private key and signed certificate. Error message: org.bouncycastle.jce.PKCS10CertificationRequest cannot be cast to java.security.KeyPair

I have generated the Private Key using IIS 6.0 (Windows 2003) and I have recieved the SSL Certificate from Verisign. What am I doing wrong?

Thank you kindly,

Oleksiy G.

Bump.

Ok, if nobody knows how to use Verisign with Openfire, what certificate autority should I be using for RSA/DSA (by the way according to Verisign support, they do not provide DSA-compatible cerificates so that answers half the question).

Importing keys seems to be a problem for openfire resp. the Java keytool.

I have a similar problem, see this thread.

Start over. Use openfire (keytool) to create the key & CSR. Then you won’'t have trouble importing the certificate from Verisign.

Your problem was using IIS to create the key, that leaves your keystore void of a critical component.

When I try to copy-paste CSR from the OpenFire console to the VeriSign website to generate a certificate, I recieve the following: “errors.9506” - response from VeriSign support was “Unfortunately we do not have instructions for the OpenFire Jabber server, thus you will need to contact your server vendor to confirm which certificate you need.” Any thoughts?

Which one did you try, the RSA or DSA? I think the DSA might be the one you want.

It was the RSA, VeriSign does not do DSA:

-----

-Original Message
From: Support
Subject: Re : Secure Site Support Request

Dear Oleksiy

We do not issue DSA certificates. All our certificates will use RSA. Unfortunately we do not have instructions for the OpenFire Jabber server, thus you will need to contact your server vendor to confirm which certificate you need.

If you have additional questions, please visit our world class Support web site.

Thank you,

Robert+
+VeriSign Customer Support