[Discuss] java keytool x.509 error
Eric Chadbourne
eric.chadbourne at icloud.com
Fri Sep 18 18:49:10 EDT 2015
> On Sep 17, 2015, at 10:25 PM, Matthew Gillen <me at mattgillen.net> wrote:
>
> On 9/17/2015 9:25 PM, Eric Chadbourne wrote:
>> Hi All,
>>
>> I'm attempting to assist a former coworker but have little experience with Java and the jvm keytool.
>>
>> He has to admin a java app (jira) running on ubuntu and needs to change the SSL from one for that specific server to one for them all. He received a zip from executive IT & digicert. I read through some docs but can't get it to work. I know there's at least one java guru on the list.
>>
>> Here's what I tried.
>>
>> $JAVA_HOME/keytool -import -alias alias1 -keystore /somepath/jira.jks -file /someotherpath/DigiCertCA.crt
>>
>> $JAVA_HOME/keytool -import -alias alias2 -keystore /somepath/jira.jks -file /someotherpath/star.crt
>>
>> $JAVA_HOME/keytool -import -alias privateKey -keystore /somepath/jira.jks -file /someotherpath/star.key
>>
>> The first two imported without issue. The last one returned:
>>
>> keytool error: java.lang.Exception: Input not an X.509 certificate
>>
>> Unfortunately google is flooded with this error and I'm not finding a solution that helps. The error is correct. The key is not an X.509. Am I not able to import a private key? Am I totally misunderstanding how this works?
>
> I really like Portecle (http://portecle.sourceforge.net/) for
> manipulating keystore files. Handles all formats, etc. Normally I
> prefer command line tools, but GUIs are better when the command line
> tools have a gaggle of undocumented options that are all incompatible
> with each other and you need a cookbook to actually do anything useful
> with them.
>
> For the record, I don't know how to make keytool add the key after the
> fact. When I've done it, the output of
> keytool -genkeypair
> goes straight into the keystore file.
>
> HTH,
> Matt
Thanks for the tip Matt.
I passed the info along.
- Eric
More information about the Discuss
mailing list