Home » Kerio User Forums » Kerio Connect » Can't start XMPP service : Updating certificate failed

Messages: 1
Karma: 0
Send a private message to this user

I had the following problem with the 8.1 version on a Debian 6 amd64 server. I just updated to the 8.2 version and the problem is still there, so I'm reporting it.

When I start kerio, the instant messaging service won't start, I have the following error in xmpp/logs/im.log.0

[09/10/2013 10:15:15] WARNING Initializing external component failed (com.kerio.im.service.task.StartServer$LazyExtServiceLoader.event): com.kerio.im.xmpp.api.XmppException: Updating certificate failed
        at com.kerio.im.tigase.DomainServiceImpl.update(DomainServiceImpl.java:111)
        at com.kerio.im.core.cert.Certificates.<init>(Certificates.java:29)
        at com.kerio.im.core.CoreRuntime.setExtService(CoreRuntime.java:74)
        at com.kerio.im.service.task.StartServer$LazyExtServiceLoader.event(StartServer.java:85)
        at com.kerio.im.service.task.StartServer$LazyExtServiceLoader.event(StartServer.java:68)
        at com.kerio.im.core.Bus.publish(Bus.java:34)
        at com.kerio.im.core.remote.RemoteControl.messageReceived(RemoteControl.java:51)
        at com.kerio.im.tigase.ConnectComponent.processPacket(ConnectComponent.java:129)
        at tigase.server.AbstractMessageReceiver$QueueListener.run(AbstractMessageReceiver.java:1341)
Caused by: java.security.cert.CertificateParsingException: Problem adding a new certificate.
        at tigase.io.SSLContextContainer.addCertificates(SSLContextContainer.java:238)
        at tigase.io.TLSUtil.addCertificate(TLSUtil.java:69)
        at com.kerio.im.tigase.DomainServiceImpl.update(DomainServiceImpl.java:108)
        ... 8 more
Caused by: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): lengthTag=64, too big.
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        at tigase.cert.CertificateUtil.parseCertificate(CertificateUtil.java:496)
        at tigase.io.SSLContextContainer.addCertificates(SSLContextContainer.java:233)
        ... 10 more
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=64, too big.
        at sun.security.util.DerInputStream.getLength(Unknown Source)
        at sun.security.util.DerValue.<init>(Unknown Source)
        at sun.security.util.DerInputStream.getDerValue(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        ... 15 more

[09/10/2013 10:15:15] WARNING Performing IM service shutdown (com.kerio.im.core.Shutdown$ShutdownTask.run)
[09/10/2013 10:15:18] WARNING ShutdownThread started... (tigase.server.monitor.MonitorRuntime$MainShutdownThread.run)

We have a SSL certificate from GeoTrust which is valid.
I tried to generate a certificate from kerio, switch to this certificate then restart and the instant messaging starts correctly.

Why do my SSL certificate won't work with the instant messaging ?


[Updated on: Wed, 09 October 2013 11:26]

Pavel Dobry (Kerio)

Messages: 2057
Karma: 251
Send a private message to this user
It could be caused by unexpected format of certificate file. Please send a bug report via http://www.kerio.com/support/submit-bug-report and attach the certificate file.
Thank you.
Previous Topic: 8.2 Log files
Next Topic: KCB 8.0 with Kerio Connect 8.1
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 15 06:49:25 CET 2018

Total time taken to generate the page: 0.79130 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.