Jump to content
Welcome to our new Citrix community!

URL not valid error when adding a certificate


Recommended Posts

HI all, 

 

We have a problem with on specific root certificate and the corresponding issued server certificate. When I upload the root certificate first and afterwards the server certificate I got the following error

 

 "ERROR: Invalid URL"

 

This happens as well when we first install the server certificate and try to install the root certificate afterwards. 

And only with this combinations - other certificates work as expected. I know there must be something special with this certificate combination, but I don't see any specialties there compared to other certificates

 

I have no idea which URL could be meant there. 

 

Does anybody have an idea how to get the root cause of this error?

Link to comment
Share on other sites

No, there is nothing special in there. Just the following:

Feb  7 13:44:11 <local0.info> 172.25.162.40 02/07/2020:13:44:11 GMT SRVNS01 0-PPE-0 : default CLI CMD_EXECUTED 2517 0 :  User nsroot - Remote_ip 172.25.162.24 - Command "add ssl certKey certname -cert cert -key cert_key.pem -inform PEM -expiryMonitor ENABLED -notificationPeriod 30 -bundle YES" - Status "ERROR: Invalid URL"

Link to comment
Share on other sites

That's strange with the bundle parameter. Usually you only see that with referencing .pfx and not when specifying separate -cert <certfile> and -key <keyfile> parameters (just the -cert file only; bundle indicates it contains both parts...is my understanding).

Were you going through the GUI or the cli to create these? (Might try the GUI to see if the result is different and then compare the audited command.)

Also, determine whether your CA cert should the .cer file only or if it does need the private key reference.

 

Is it possible that what you are loading as the root cert has either the wrong files or the wrong parameters being specified?  Maybe commands with the other certs already imported on the system.)

Link to comment
Share on other sites

On 2/7/2020 at 4:23 PM, Stuart Griffiths1709158620 said:

Hi,

Difficult to answer without having the cert, but can you install the cert on something else (Windows box for instance?)  If no, then that may lead to further clues; if yes you may be able to test the certificate against an external service or something as simple as powershell Test-Certificate or openssl.

 

On Windows or Linux the cert installs fine. 
As a side node - this was working with the 12.x release, just happens since the 13.x release and I don't see anything changed in the release notes 

Link to comment
Share on other sites

On 2/9/2020 at 4:15 AM, Rhonda Rowland1709152125 said:

That's strange with the bundle parameter. Usually you only see that with referencing .pfx and not when specifying separate -cert <certfile> and -key <keyfile> parameters (just the -cert file only; bundle indicates it contains both parts...is my understanding).

Were you going through the GUI or the cli to create these? (Might try the GUI to see if the result is different and then compare the audited command.)

Also, determine whether your CA cert should the .cer file only or if it does need the private key reference.

 

Is it possible that what you are loading as the root cert has either the wrong files or the wrong parameters being specified?  Maybe commands with the other certs already imported on the system.)

 

Tried everything - GUI, cli, PFX format, PEM format - with and without chain. 
The result is always the same - it works as long as I only install the server certificate or the root certificate - but as soon as the second one comes into place it throws that error. 

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...