Atozed Forums

Full Version: Could not load certificate error (SSL)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello,

One of our customers has "Could not load certificate. error:00000000:lib(0):func(0):reason(0)" errors. 
They said that Web Server intermittently reports an exception stating that the certificates cannot be loaded (after stopping and restarting the Web Server on some occasions no exceptions are raised). 

IntraWeb version: 14.1.2

Please see attached exception file [attachment=31]

I can not reproduce it on my PC. Has anybody ever encountered such a error?
(07-04-2018, 04:23 PM)Roman Bay Wrote: [ -> ]Hello,

One of our customers has "Could not load certificate. error:00000000:lib(0):func(0):reason(0)" errors. 
They said that Web Server intermittently reports an exception stating that the certificates cannot be loaded (after stopping and restarting the Web Server on some occasions no exceptions are raised). 

IntraWeb version: 14.1.2

Please see attached exception file

I can not reproduce it on my PC. Has anybody ever encountered such a error?

I could reproduce it on my PC with customer ".pem" files.
I have noticed that cert.pem file contain 3 sections: 
-----BEGIN CERTIFICATE-----
-----------------------------
-----END CERTIFICATE-----
But If I remove two of them and leave only one then this error is not displayed. So I think that issue related to correct converting ".pfx" file to customcert.pem file and customroot.pem as well.
(07-10-2018, 01:25 PM)Roman Bay Wrote: [ -> ]
(07-04-2018, 04:23 PM)Roman Bay Wrote: [ -> ]Hello,

One of our customers has "Could not load certificate. error:00000000:lib(0):func(0):reason(0)" errors. 
They said that Web Server intermittently reports an exception stating that the certificates cannot be loaded (after stopping and restarting the Web Server on some occasions no exceptions are raised). 

IntraWeb version: 14.1.2

Please see attached exception file

I can not reproduce it on my PC. Has anybody ever encountered such a error?

I could reproduce it on my PC with customer ".pem" files.
I have noticed that cert.pem file contain 3 sections: 
-----BEGIN CERTIFICATE-----
-----------------------------
-----END CERTIFICATE-----
But If I remove two of them and leave only one then this error is not displayed. So I think that issue related to correct converting ".pfx" file to customcert.pem file and customroot.pem as well.
I'm not sure I understand this... 

Which 3 sections are you referring to? 

For instance, this is a real, working, self signed certificate:

-----BEGIN CERTIFICATE-----
MIIDQjCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwkxMjcu
MC4wLjEwHhcNMTgwNzEwMjE0MjE4WhcNMjgwNzEwMjE0MjE4WjAUMRIwEAYDVQQD
EwkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeUjSw
oULbYDFNibBfesy6QDUqHMFOUBPrd2AFnQyvsGmRVcpSCxaDHLWYeKQyBoGuRikv
gm6iV0lN8NWWfWO4239UhW7brrJ406Aurz+gj+lOW6NwxGlh9s7jyQc9zmJ3Yljf
+UNb5ysrNdJFtSLRBNstiBJsmFDJJdrYa1R+l5W2u7h5hLsLzZ/hS7NqoOK+8b8y
QSUDnA8iEr0IUBqVioEHWQ3IvyJzDaKfonFfsrDWdJvUbqLNtgXkbmb1YGA2LK4r
ARgrx3FQbMEtN2SplfI1LdvTz3HcXrhGya9+0VmvNpTOfTGvaEZna7GhdVMpO6cQ
VwmRnqqjgErQrm0dAgMBAAGjgZ4wgZswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC
AvQwOwYDVR0lBDQwMgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYB
BQUHAwQGCCsGAQUFBwMIMBEGCWCGSAGG+EIBAQQEAwIA9zAPBgNVHREECDAGhwR/
AAABMB0GA1UdDgQWBBT57K6dpKDGeFitjveCtQigg1HLmDANBgkqhkiG9w0BAQsF
AAOCAQEAAxFEvv3TKj16iqe0h5QMhtll/5E54S92NI8ID3TqTEUim+V+f7fak+1O
ttV3MRBe2hsVMPBj8rqkVToYEMgFi4ScBHgm3+v2o81QJcKCnW89knUDHcy0/SOY
PnaKP29TDASw1a1GwIePxCTbx4hKuIYDLFHEAGetTsh/GOg+pQdUWVmAgZ8MUvjl
USm9ep0bHxUCKadVMEII8qTw7+1na07g0wpZuSGXB2/6w5Ixo00mdvam0f754INE
G1FAYlFUeZu45oTJpezieYwpjIOQ5Zo3Fc266A6C6SVLeOMeK93LisnbauJ0CTZu
6NLpc5iknAMd+JfeygkZB8auLw1/dw==
-----END CERTIFICATE-----

The file should just contain this. What else does your file contain?
(07-10-2018, 09:43 PM)Alexandre Machado Wrote: [ -> ]
(07-10-2018, 01:25 PM)Roman Bay Wrote: [ -> ]
(07-04-2018, 04:23 PM)Roman Bay Wrote: [ -> ]Hello,

One of our customers has "Could not load certificate. error:00000000:lib(0):func(0):reason(0)" errors. 
They said that Web Server intermittently reports an exception stating that the certificates cannot be loaded (after stopping and restarting the Web Server on some occasions no exceptions are raised). 

IntraWeb version: 14.1.2

Please see attached exception file

I can not reproduce it on my PC. Has anybody ever encountered such a error?

I could reproduce it on my PC with customer ".pem" files.
I have noticed that cert.pem file contain 3 sections: 
-----BEGIN CERTIFICATE-----
-----------------------------
-----END CERTIFICATE-----
But If I remove two of them and leave only one then this error is not displayed. So I think that issue related to correct converting ".pfx" file to customcert.pem file and customroot.pem as well.
I'm not sure I understand this... 

Which 3 sections are you referring to? 

For instance, this is a real, working, self signed certificate:

-----BEGIN CERTIFICATE-----
MIIDQjCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwkxMjcu
............................................................................................................................
-----END CERTIFICATE-----

The file should just contain this. What else does your file contain?

Customers file was similar to this (3 parts BEGIN END):

-----BEGIN CERTIFICATE-----
MIIDQjCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwkxMjcu
........................................................................................................................
6NLpc5iknAMd+JfeygkZB8auLw1/dw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDQjCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwkxMjcu
........................................................................................................................
6NLpc5iknAMd+JfeygkZB8auLw1/dw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDQjCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwkxMjcu
........................................................................................................................
6NLpc5iknAMd+JfeygkZB8auLw1/dw==
-----END CERTIFICATE-----