| Author |
Message
|
| praveenmq |
 Posted: Sun Jun 03, 2012 1:11 am Post subject: keytool error: java.lang.Exception: Input not an X.509 certi |
 |
|
Voyager
Joined: 28 Mar 2009
Posts: 96
|
Hi ,
I tried to add a certificate in a trustore using the keytool command.
But the keytool exited with the below error
"keytool error: java.lang.Exception: Input not an X.509 certi".
I contacted the vendor and they said that the certificate is an x.509 certificate. Is there any parameter we need to pass in keytool import command when adding a certificate as an X.509 certificate.
Thanks, |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Sun Jun 03, 2012 1:00 pm Post subject: Re: keytool error: java.lang.Exception: Input not an X.509 c |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| praveenmq wrote: |
Hi ,
I tried to add a certificate in a trustore using the keytool command.
But the keytool exited with the below error
"keytool error: java.lang.Exception: Input not an X.509 certi".
I contacted the vendor and they said that the certificate is an x.509 certificate. Is there any parameter we need to pass in keytool import command when adding a certificate as an X.509 certificate.
Thanks, |
Can display part of the cert? Some programs output some extra stuff that you might have to remove before importing... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| praveenmq |
| Posted: Sun Jun 03, 2012 9:41 pm Post subject: Re: keytool error: java.lang.Exception: Input not an X.509 c |
|
|
Voyager
Joined: 28 Mar 2009
Posts: 96
|
| fjb_saper wrote: |
Can display part of the cert? Some programs output some extra stuff that you might have to remove before importing... |
You mean listing the certificate? I cant list the certificate before importing it. |
|
| Back to top |
|
|
| marko.pitkanen |
| Posted: Sun Jun 03, 2012 10:21 pm Post subject: |
|
|
Chevalier
Joined: 23 Jul 2008
Posts: 440
Location: Jamsa, Finland
|
Hi praveenmq,
What is your operating system, how did you receive the certificate, can you try to fetch the certificate from command line with for example openssl, did you do any Googling with your exception?
--
Marko |
|
| Back to top |
|
|
| praveenmq |
| Posted: Sun Jun 03, 2012 10:23 pm Post subject: |
|
|
Voyager
Joined: 28 Mar 2009
Posts: 96
|
Hi Marko,
I previously had the same certificate which was expired and was given the new certificate by vendor.
I removed the certificate from the store and i tried to add the new certificate which was issued, During the import i faced this error.
I did some googling with he exception but nothing helped.
Thanks,
Praveen. |
|
| Back to top |
|
|
| praveenmq |
| Posted: Sun Jun 03, 2012 10:25 pm Post subject: |
|
|
Voyager
Joined: 28 Mar 2009
Posts: 96
|
|
| Back to top |
|
|
| smdavies99 |
| Posted: Mon Jun 04, 2012 12:26 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
| praveenmq wrote: |
was given the new certificate by vendor.
|
But how did they give it to you? By carrier pigeon? Semaphore? Smoke signals?
It is possible that the method of sending it to you corrupted it.
Get them to send it wrapped in a .zip (or .tar) file.
That way, if you can unzip it/untar it, you know it has not been corrupted.
Also get them to do an MD5sum on it before sending. Then do the same on the file you receive.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| praveenmq |
| Posted: Mon Jun 04, 2012 12:30 am Post subject: |
|
|
Voyager
Joined: 28 Mar 2009
Posts: 96
|
| smdavies99 wrote: |
But how did they give it to you? By carrier pigeon? Semaphore? Smoke signals?
|
I received the certificate in a mail the extension is in .pfx format.
I will request the vendor to send it zipped.
Thanks |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Jun 04, 2012 7:55 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| praveenmq wrote: |
| smdavies99 wrote: |
But how did they give it to you? By carrier pigeon? Semaphore? Smoke signals?
|
I received the certificate in a mail the extension is in .pfx format.
I will request the vendor to send it zipped.
Thanks |
You may want to ask for it in ASCII format as well. I believe you have to consider a .pfx as binary format.
When looking at a cert in ASCII format it should look like this
| Code: |
------------------- Begin Certificate ---------------------------
here is a bunch of chars representing a byte array 64 bit encoded on a max of 80 char width
------------------------- End Certificate ------------------------------ |
Note: number of dashes and case of the boundary lines is not accurate.
Anything before the Begin Certificate line may not be accepted.
As well anything after the End Certificate line, even a blank line may cause for the program to qualify the cert as corrupted...
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
