Failed to save CA certificate : Invalid certificate file

Submitted by tfhelp on Tue, 09/19/2017 - 02:15

Dear virtualmin support,

We are running: - ubuntu 16.04.3 - webmin 1.851 - virtualmin 6.00

And are currently unable to upload CA or intermediate .ca files via the Virtualmin --> Server Configuration --> Manage SSL Certificate --> CA Certificate. Whenever we do this we get the following error:

  • Failed to save CA certificate : Invalid certificate file : Certificate does not appear to have a common name

Attached you'll find one of the crt files (converted to txt) we had issues with. We have a workaround, but this is a bit tedious. We manually upload the file, give it the proper rights and edit the sites-enabled conf.

We are wondering how we can fix this.

Files: 
Plain text icon addtrustexternalcaroot.txt
Plain text icon comodorsaaddtrustca.txt
Plain text icon comodorsadomainvalidationsecureserverca.txt
Status: 
Closed (fixed)

Comments

Submitted by JamieCameron on Wed, 09/20/2017 - 01:08

Ok, this can happen because openssl changed it's output format. This will be fixed in the next Virtualmin release.

Submitted by JamieCameron on Wed, 09/20/2017 - 01:08

Status: Active » Fixed

Submitted by IssueBot on Wed, 10/04/2017 - 02:07

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Submitted by JamieCameron on Sat, 12/16/2017 - 01:30

mikt - can you attach the CA cert you are trying to use to this bug report?

Submitted by tfhelp on Tue, 01/09/2018 - 01:57

With the last update we can't import the CA certificates anymore. We get the following error:

Failed to save CA certificate : Invalid certificate file : Certificate does not appear to have a common name

I've attached the new crt files we use. We normally put al the texts in the CA Certificate --> Pasted certificate text box and press the Save Certificate box.

I've tried different things but the error remains the same. Tried;

  1. Only 1 certificate text (out of the 3 provided)
  2. 2 of the 3 (skipping the root one)
  3. All 3 texts combined into one text

If we make a combined ssl.ca file and upload this via ftp and use the CLI to install the CA certs, it works and installs correctly. If you need more information please let me know.

(Webmin 1.872 & Vmin 6.02)

Submitted by JamieCameron on Tue, 01/09/2018 - 16:57

On your system, if you run the command :

openssl x509 -in addtrustexternalcaroot.txt -issuer -subject -enddate | grep subject

for each of these files, what does it output?

Submitted by tfhelp on Fri, 01/12/2018 - 04:11

We had the following output;

openssl x509 -in addtrustexternalcaroot.txt -issuer -subject -enddate | grep subject

subject=C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root

openssl x509 -in comodorsaaddtrustca.txt -issuer -subject -enddate | grep subject

subject=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority

openssl x509 -in comodorsadomainvalidationsecureserverca.txt -issuer -subject -enddate | grep subject

subject=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA

Submitted by tfhelp on Mon, 01/15/2018 - 03:10

Thanks Jamie! I'll ask my supervisor if we can install the patch so we can confirm it works :)

Submitted by IssueBot on Thu, 10/11/2018 - 20:07

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.