Destination certificate type should be checked (or at least catch the error to describe how to address)
criterion9 opened this issue · 3 comments
I was getting a strange error when using the current master of the ssl cert import tool.
DerInputStream.getLength(): lengthTag=109, too big.
It took a couple hours of searching to identify that the keystore in my Ubuntu instance (that has been upgraded many many times) still had the JKS format. Not sure if this really requires any code change to address as a keytool command to change the keystore from JKS to pkcs12 worked like a charm.
It could be worth looking at determining if the format of the destination keystore is JKS if that length=109 exception is thrown and doing the conversion automatically or at least suggesting verifying the keystore format in the output.
I too would be interested if there is an automated fix for this. I tried using the keytool manually but ended up with password questions I could not answer so my only choice was to roll back my controller to a backup to get it back online. Thank you in advance.
I was getting the same error.
After much trial and error I was able to fix the issue by removing "-deststoretype pkcs12 " from line 155 of the script.
Now the script runs for me, and Unifi works.
I had same error, used @doubleosixandahalf method and this has solved the issue.
Now getting "The JKS keystore uses a proprietary format." error but all working.