Forum > Could not load certificate error (SSL)

07-04-2018, 04:23 PM:

Hello,

One of our customers has "Could not load certificate. error:00000000:lib(0):func(0):reason(0)" errors.

They said that Web Server intermittently reports an exception stating that the certificates cannot be loaded (after stopping and restarting the Web Server on some occasions no exceptions are raised).

IntraWeb version: 14.1.2

Please see attached exception file [attachment=31]

I can not reproduce it on my PC. Has anybody ever encountered such a error?

07-10-2018, 01:25 PM:

(07-04-2018, 04:23 PM)Roman Bay Wrote: [ -> ]Hello,

One of our customers has "Could not load certificate. error:00000000:lib(0):func(0):reason(0)" errors.

They said that Web Server intermittently reports an exception stating that the certificates cannot be loaded (after stopping and restarting the Web Server on some occasions no exceptions are raised).

IntraWeb version: 14.1.2

Please see attached exception file

I can not reproduce it on my PC. Has anybody ever encountered such a error?

I could reproduce it on my PC with customer ".pem" files.

I have noticed that cert.pem file contain 3 sections:

-----BEGIN CERTIFICATE-----

-----------------------------

-----END CERTIFICATE-----

But If I remove two of them and leave only one then this error is not displayed. So I think that issue related to correct converting ".pfx" file to customcert.pem file and customroot.pem as well.

07-10-2018, 09:43 PM:

(07-10-2018, 01:25 PM)Roman Bay Wrote: [ -> ] (07-04-2018, 04:23 PM)Roman Bay Wrote: [ -> ]Hello,

One of our customers has "Could not load certificate. error:00000000:lib(0):func(0):reason(0)" errors.

They said that Web Server intermittently reports an exception stating that the certificates cannot be loaded (after stopping and restarting the Web Server on some occasions no exceptions are raised).

IntraWeb version: 14.1.2

Please see attached exception file

I can not reproduce it on my PC. Has anybody ever encountered such a error?

I could reproduce it on my PC with customer ".pem" files.

I have noticed that cert.pem file contain 3 sections:

-----BEGIN CERTIFICATE-----

-----------------------------

-----END CERTIFICATE-----

But If I remove two of them and leave only one then this error is not displayed. So I think that issue related to correct converting ".pfx" file to customcert.pem file and customroot.pem as well.I'm not sure I understand this...

Which 3 sections are you referring to?

For instance, this is a real, working, self signed certificate:

-----BEGIN CERTIFICATE-----

MIIDQjCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwkxMjcu

MC4wLjEwHhcNMTgwNzEwMjE0MjE4WhcNMjgwNzEwMjE0MjE4WjAUMRIwEAYDVQQD

EwkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeUjSw

oULbYDFNibBfesy6QDUqHMFOUBPrd2AFnQyvsGmRVcpSCxaDHLWYeKQyBoGuRikv

gm6iV0lN8NWWfWO4239UhW7brrJ406Aurz+gj+lOW6NwxGlh9s7jyQc9zmJ3Yljf

+UNb5ysrNdJFtSLRBNstiBJsmFDJJdrYa1R+l5W2u7h5hLsLzZ/hS7NqoOK+8b8y

QSUDnA8iEr0IUBqVioEHWQ3IvyJzDaKfonFfsrDWdJvUbqLNtgXkbmb1YGA2LK4r

ARgrx3FQbMEtN2SplfI1LdvTz3HcXrhGya9+0VmvNpTOfTGvaEZna7GhdVMpO6cQ

VwmRnqqjgErQrm0dAgMBAAGjgZ4wgZswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC

AvQwOwYDVR0lBDQwMgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYB

BQUHAwQGCCsGAQUFBwMIMBEGCWCGSAGG+EIBAQQEAwIA9zAPBgNVHREECDAGhwR/

AAABMB0GA1UdDgQWBBT57K6dpKDGeFitjveCtQigg1HLmDANBgkqhkiG9w0BAQsF

AAOCAQEAAxFEvv3TKj16iqe0h5QMhtll/5E54S92NI8ID3TqTEUim+V+f7fak+1O

ttV3MRBe2hsVMPBj8rqkVToYEMgFi4ScBHgm3+v2o81QJcKCnW89knUDHcy0/SOY

PnaKP29TDASw1a1GwIePxCTbx4hKuIYDLFHEAGetTsh/GOg+pQdUWVmAgZ8MUvjl

USm9ep0bHxUCKadVMEII8qTw7+1na07g0wpZuSGXB2/6w5Ixo00mdvam0f754INE

G1FAYlFUeZu45oTJpezieYwpjIOQ5Zo3Fc266A6C6SVLeOMeK93LisnbauJ0CTZu

6NLpc5iknAMd+JfeygkZB8auLw1/dw==

-----END CERTIFICATE-----

The file should just contain this. What else does your file contain?

07-31-2018, 01:44 PM:

(07-10-2018, 09:43 PM)Alexandre Machado Wrote: [ -> ] (07-10-2018, 01:25 PM)Roman Bay Wrote: [ -> ] (07-04-2018, 04:23 PM)Roman Bay Wrote: [ -> ]Hello,

One of our customers has "Could not load certificate. error:00000000:lib(0):func(0):reason(0)" errors.

They said that Web Server intermittently reports an exception stating that the certificates cannot be loaded (after stopping and restarting the Web Server on some occasions no exceptions are raised).

IntraWeb version: 14.1.2

Please see attached exception file

I can not reproduce it on my PC. Has anybody ever encountered such a error?

I could reproduce it on my PC with customer ".pem" files.

I have noticed that cert.pem file contain 3 sections:

-----BEGIN CERTIFICATE-----

-----------------------------

-----END CERTIFICATE-----

Which 3 sections are you referring to?

For instance, this is a real, working, self signed certificate:

-----BEGIN CERTIFICATE-----

MIIDQjCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwkxMjcu

............................................................................................................................

-----END CERTIFICATE-----

The file should just contain this. What else does your file contain?

Customers file was similar to this (3 parts BEGIN END):

-----BEGIN CERTIFICATE-----

MIIDQjCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwkxMjcu

........................................................................................................................

6NLpc5iknAMd+JfeygkZB8auLw1/dw==

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MIIDQjCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwkxMjcu

........................................................................................................................

6NLpc5iknAMd+JfeygkZB8auLw1/dw==

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MIIDQjCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwkxMjcu

........................................................................................................................

6NLpc5iknAMd+JfeygkZB8auLw1/dw==

-----END CERTIFICATE-----