
SSL certificate import fails with an error

Error: "Bad signature length: got 512 but was expecting 256"; Error: "Signature does not match."

Author: Petr Pech

Error: "Bad signature length: got 512 but was expecting 256"

When importing a Let's Encrypt certificate, a command such as:

curl -X PUT -u $flexibee_name:$flexibee_pass -k -L -T le-flexibee.pem https://localhost:5434/certificate.json


fails with the following error:

{"winstrom":{"@version":"1.0","success":"false","message":"Bad signature length: got 512 but was expecting 256"}}

The cause is probably that the uploaded certificate did not have the chain End-entity certificate ← R3 ← ISRG Root X1, but the chain End-entity certificate ← R3 ← ISRG Root X1 ← DST Root CA X3.

If it is changed to End-entity certificate ← R3 ← ISRG Root X1, the certificate should be valid and its import should succeed. Restart the application after the import.


Error: "Signature does not match."

When importing a Let's Encrypt certificate, a command such as:

curl -s -X PUT -u $flexibee_name:$flexibee_pass -k -L -T le-flexibee.pem https://localhost:5434/certificate.json

fails with the following error:

{"winstrom":{"success":"false","@version":"1.0","message@messageCode":"","message":"Signature does not match."}}

The cause may be an incomplete SSL chain.

Flexi requires the chain to include the ROOT certificate of the Certification Authority as well; once it is added to the chain, the certificate import itself completes correctly.


Sample complete procedure:

#set this to name of your certificate, used as part of path to your Let's Encrypt certificate
certificate_name="example.com"

#flexibee settings for automatic certificate upload to server
flexibee_name="xxx"
flexibee_pass="yyy"

if [ -f "/etc/letsencrypt/live/$certificate_name/privkey.pem" ] ; then

    cd "/etc/letsencrypt/live/$certificate_name"

    # convert key to PKCS#1 format
    # (OpenSSL 3.x writes PKCS#8 here unless -traditional is added)
    openssl rsa -in "/etc/letsencrypt/live/$certificate_name/privkey.pem" -out le-rsaprivkey.pem 2> /dev/null

    # combine all the certificates into final le-flexibee.pem
    cat "/etc/letsencrypt/live/$certificate_name/fullchain.pem" /etc/ssl/certs/ISRG_Root_X1.pem le-rsaprivkey.pem > le-flexibee.pem

    #now we have Let's Encrypt certificate suitable for Flexi, we can upload this certificate to server
    curl -s -X PUT -u "$flexibee_name:$flexibee_pass" -k -L -T le-flexibee.pem https://localhost:5434/certificate.json

    #restart Flexi
    service flexibee restart

fi
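
A pre-upload check for the two causes described above, as an added example that is not part of the original article or of Flexi's own tooling: it reads the certificates in le-flexibee.pem (ignoring the private key), confirms that each one is issued by the next and that the last one is a self-issued root, and prints each signature length. It compares issuer and subject names byte for byte and does not verify signatures; the function names are assumptions.

```python
import base64, re, sys

# Added example: function and variable names are assumptions, not from the article.
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    return tag, start, start + length

def cert_fields(der):
    """Return (issuer_der, subject_der, signature_bytes) for one certificate."""
    _, c0, _ = _tlv(der, 0)                # outer Certificate SEQUENCE
    _, t0, t1 = _tlv(der, c0)              # tbsCertificate
    pos, parts = t0, []
    while pos < t1 and len(parts) < 6:
        tag, _, end = _tlv(der, pos)
        parts.append((tag, der[pos:end]))
        pos = end
    if parts[0][0] == 0xA0:                # optional explicit [0] version
        parts.pop(0)
    # remaining order: serial, signature algorithm, issuer, validity, subject
    issuer, subject = parts[2][1], parts[4][1]
    _, _, a1 = _tlv(der, t1)               # signatureAlgorithm
    _, s0, s1 = _tlv(der, a1)              # signatureValue BIT STRING
    return issuer, subject, s1 - s0 - 1    # minus the unused-bits octet

def check_chain(pem_text):
    """Return a list of problems; empty means leaf-first order ending at a root."""
    certs = [cert_fields(base64.b64decode(b)) for b in PEM_CERT.findall(pem_text)]
    if not certs:
        return ["no certificates found"]
    problems = []
    for i in range(len(certs) - 1):
        if certs[i][0] != certs[i + 1][1]:
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    if certs[-1][0] != certs[-1][1]:
        problems.append("last certificate is not a self-issued root")
    return problems

if __name__ == "__main__":
    text = open(sys.argv[1]).read()
    fields = (cert_fields(base64.b64decode(b)) for b in PEM_CERT.findall(text))
    for i, (_, _, sig) in enumerate(fields):
        print(f"certificate {i + 1}: signature {sig} bytes")
    print("\n".join(check_chain(text)) or "chain order OK")
```

Run it as `python3 check_chain.py le-flexibee.pem` before the curl upload; any reported problem means the bundle does not have the End-entity certificate ← R3 ← ISRG Root X1 shape.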