Problem importing SSL Private Key/Certificate pair

Oleksiy_Gayda · July 2, 2007, 11:32pm

Hi folks,

I couldn’'t find anything regarding this specific error in either forums or out on the internet, so I figured it was time to register and ask… I am having a problem registering an SSL Private Key/Certificate pair that I have obtained from Verisign. I recieve this error message:

There was an error one importing private key and signed certificate. Error message: org.bouncycastle.jce.PKCS10CertificationRequest cannot be cast to java.security.KeyPair

I have generated the Private Key using IIS 6.0 (Windows 2003) and I have recieved the SSL Certificate from Verisign. What am I doing wrong?

Thank you kindly,

Oleksiy G.

Oleksiy_Gayda · July 10, 2007, 8:53pm

Bump.

Ok, if nobody knows how to use Verisign with Openfire, what certificate autority should I be using for RSA/DSA (by the way according to Verisign support, they do not provide DSA-compatible cerificates so that answers half the question).

Martin_Weusten · July 10, 2007, 9:06pm

Importing keys seems to be a problem for openfire resp. the Java keytool.

I have a similar problem, see this thread.

delimiter · August 6, 2007, 9:55pm

Start over. Use openfire (keytool) to create the key & CSR. Then you won’'t have trouble importing the certificate from Verisign.

Your problem was using IIS to create the key, that leaves your keystore void of a critical component.

Oleksiy_Gayda · August 24, 2007, 10:45pm

When I try to copy-paste CSR from the OpenFire console to the VeriSign website to generate a certificate, I recieve the following: “errors.9506” - response from VeriSign support was “Unfortunately we do not have instructions for the OpenFire Jabber server, thus you will need to contact your server vendor to confirm which certificate you need.” Any thoughts?

delimiter · August 27, 2007, 6:10pm

Which one did you try, the RSA or DSA? I think the DSA might be the one you want.

Oleksiy_Gayda · August 27, 2007, 6:16pm

It was the RSA, VeriSign does not do DSA:

-----

–~~-Original Message~~—
From: Support
Subject: Re : Secure Site Support Request

Dear Oleksiy

We do not issue DSA certificates. All our certificates will use RSA. Unfortunately we do not have instructions for the OpenFire Jabber server, thus you will need to contact your server vendor to confirm which certificate you need.

If you have additional questions, please visit our world class Support web site.

Thank you,

Robert+
+VeriSign Customer Support