Error Importing SSL certificate Not an X 509 Certificate

Question

I am trying to Update the SSL certificate in accordance  with this post      I am noob in certificates  so i followed this guide  But  when i enter   keytool -keystore mycacerts -storepass changeit -importcert -file  C  Users Noks Desktop cacerts pem  -v   I get the error   keytool error  java lang Exception  Input not an X 509 certificate java lang Exception  Input not an X 509 certificate         at sun security tools KeyTool addTrustedCert KeyTool java 1913          at sun security tools KeyTool doCommands KeyTool java 818          at sun security tools KeyTool run KeyTool java 172          at sun security tools KeyTool main KeyTool java 166    How do i fix this

User · Answer

This seems like an old thread  but I ll add my experience here   I tried to install a cert as well and got that error   I then opened the cer file with a txt editor  and noticed that there is an extra space  character  at the end of each line  Removing those lines allowed me to import the cert   Hope this is worth something to someone else

User · Answer

Does your cacerts pem file hold a single certificate  Since it is a PEM  have a look at it  with a text editor   it should start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE----- Finally  to check it is not corrupted  get hold of openssl and print its details using openssl x509 -in cacerts pem -text

User · Answer

I will also add my experience here in case it helps someone   At work we commonly use the following two commands to enable IntelliJ IDEA to talk to various servers  for example our internal maven repositories    Elevated C  Program Files JetBrains IntelliJ IDEA  version  jre64 gt bin keytool      -printcert -rfc -sslserver maven services  our-company  com 443  gt  public crt   Elevated C  Program Files JetBrains IntelliJ IDEA  version  jre64 gt bin keytool     -import -storepass changeit -noprompt -trustcacerts -alias services  our-company  com      -keystore lib security cacerts -file public crt   Now  what sometimes happens is that the keytool -printcert command is unable to communicate with the outside world due to temporary connectivity issues  such as the firewall preventing it  the user forgot to start his VPN  whatever   It is a fact of life that this may happen   This is not actually the problem   The problem is that when the stupid tool encounters such an error  it does not emit the error message to the standard error device  it emits it to the standard output device   So here is what ends up happening    When you execute the first command  you don t see any error message  so you have no idea that it failed   However  instead of a key  the public crt file now contains an error message saying keytool error  java lang Exception  No certificate from the SSL server  When you execute the second command  it finds an error message instead of a key in public crt  so it fails  saying keytool error  java lang Exception  Input not an X 509 certificate    Bottom line is  after keytool -printcert      gt  public crt always dump the contents of public crt to make sure it is actually a key and not an error message before proceeding to run keytool -import     -file public crt

User · Answer

Many CAs will provide a cert in PKCS7 format   According to Oracle documentation  the keytool commmand can handle  PKCS 7 but sometimes it fails     The keytool command can import X 509 v1  v2  and v3 certificates  and   PKCS 7 formatted certificate chains consisting of certificates of that   type  The data to be imported must be provided either in binary   encoding format or in printable encoding format  also known as Base64   encoding  as defined by the Internet RFC 1421 standard  In the latter   case  the encoding must be bounded at the beginning by a string that   starts with -----BEGIN  and bounded at the end by a string that starts   with -----END    If the PKCS7 file can t be imported try to transform it from PKCS7 to X 509   openssl pkcs7 -print certs -in certificate p7b -out certificate cer

User · Answer

I changed 3 things and then it works    There is a column of spaces  I removed them Changed the line break from windows CRLF to linux LF Removed the empty line at the end

[java] Error Importing SSL certificate : Not an X.509 Certificate

Examples related to java

Examples related to security

Examples related to ssl

Examples related to x509certificate