Why can't I import my certificate file?
You try to use IBM Cloud® Secrets Manager to import an SSL/TLS certificate, but you're unable to complete the action.
You have an unexpired TLS certificate that you want to store in Secrets Manager. When you try to import the file by using the Secrets Manager UI, you get the following error:
Add secret failed
An error occurred and the secret couldn't be added.
You also try to import the file by using the Secrets Manager API, but you get the following error:
Unable to parse the certificate
Secrets Manager supports X.509 certificate files in the .pem format only. However, you might be working with a certificate that is in a different file format. For example, X.509 certificates can have a variety of file extension types, including:
- Certificate (.crt) or (.cer)
- Distinguished encoding rules (.der)
- Privacy-enhanced electronic mail (.pem)
To resolve the issue, ensure that your certificate file is in the supported format before you import it to Secrets Manager.
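- Use the openssl utility to convert an X.509 certificate to the .pem format.
  To convert a .crt file to .pem, run the following command:
      openssl x509 -in cert.crt -out cert.pem
  To convert a .cer file to .pem, run the following command:
      openssl x509 -in cert.cer -out cert.pem
  To convert a .der file to .pem, run the following command:
      openssl x509 -inform der -in cert.der -out cert.pem
  The -inform der option tells openssl that the input is binary DER. Older openssl releases assume PEM input and fail to load a DER file without it. If a .crt or .cer file is DER-encoded, add -inform der to those commands as well.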
- Optional: If you're using the Secrets Manager API to import your certificate, ensure that the data is formatted correctly.
  You can use the following UNIX command to format your .pem file to a single-line string that can be passed to the Secrets Manager API:
      awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' cert.pem
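The two steps above can be combined into one pre-import check. The following is an added example, not part of the original page or IBM's tooling. The function names are hypothetical, and it goes beyond the page by detecting the input encoding and rejecting an expired certificate before producing the API string.

```shell
#!/bin/sh
# Added example (hypothetical helper names): prepare a certificate for import.
# Usage: to_pem cert.cer cert.pem && pem_single_line cert.pem

# Print "pem", "der" or "unknown" for the file in $1.
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    elif [ "$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')" = "30" ]; then
        # DER begins with an ASN.1 SEQUENCE tag (0x30). This is only a
        # heuristic; openssl in to_pem does the real parsing.
        echo der
    else
        echo unknown
    fi
}

# Convert $1 (PEM or DER, any extension) to a PEM file at $2.
# Fails if the file does not parse or the certificate is already expired.
to_pem() {
    enc=$(cert_encoding "$1")
    case "$enc" in
        pem|der) ;;
        *) echo "not an X.509 certificate: $1" >&2; return 1 ;;
    esac
    openssl x509 -inform "$enc" -in "$1" -out "$2" || return 1
    # -checkend 0 exits non-zero when the certificate has expired.
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null || {
        echo "certificate is expired: $1" >&2
        return 1
    }
}

# Print the PEM file $1 as one line with literal \n separators,
# dropping empty lines and carriage returns (same awk as the step above).
pem_single_line() {
    awk 'NF {sub(/\r/, ""); printf "%s\\n", $0}' "$1"
}
```
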