I am trying to install a new signed certificate but having hard time. Any suggestion would be appreciated.
I created a new SCR by using:
#Tarantella security certrequest –country “US” –State “California” –orgname “University of California Irvine” –locality “Orange” –Keylength 2048
Sent SCR to supported authority and got the certificate back. I have copy this certificate in root. So far so good, but problem is that I can’t install it.
If I use
#Tarantella security certuse
After initial warning I copy the content of certificate, hit <ENTER> and then Ctrl+D but I get error claiming that: Not a valid certificate
#Tarantella security certuse < /root/myResearch.p7b
I get following repeating error:
Are you sure you want to overwrite it? [no]
And then in the end of this repeating statement the last sentence says: Not a valid certificate.
What am I doing wrong?
From tarantella security certuse --help
Certificates must be Base 64-encoded PEM-format, with a header line
including "BEGIN CERTIFICATE", as used by OpenSSL.
It looks like you have been given a certificate in a different format, PKCS#7 (p7b). You could request a new certificate from the CA in PEM format or try to convert the one you have. I do not think SGD supports that conversion, but there are tools to convert certificate formats on the web.
i am not sure about PEM format. I am trying to find answer from security team. however, in the mean time I got the new certificate in base 64-format with cer extension. I used following command:
tarantella security certuse --certfile /opt/var/tps/myresearch2012-base64.cer
It gives warning that 'A key file already exists for this server. Are you sure you want to overwrite it ?' If say yes it returns 'The certificate file doesn't exist'.
Any other suggestion?