Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] java keytool x.509 error



> On Sep 17, 2015, at 10:25 PM, Matthew Gillen <me at mattgillen.net> wrote:
> 
> On 9/17/2015 9:25 PM, Eric Chadbourne wrote:
>> Hi All,
>> 
>> I'm attempting to assist a former coworker but have little experience with Java and the jvm keytool.  
>> 
>> He has to admin a java app (jira) running on ubuntu and needs to change the SSL from one for that specific server to one for them all.  He received a zip from executive IT & digicert.  I read through some docs but can't get it to work.  I know there's at least one java guru on the list.
>> 
>> Here's what I tried.
>> 
>> $JAVA_HOME/keytool -import -alias alias1 -keystore /somepath/jira.jks -file /someotherpath/DigiCertCA.crt
>> 
>> $JAVA_HOME/keytool -import -alias alias2 -keystore /somepath/jira.jks -file /someotherpath/star.crt
>> 
>> $JAVA_HOME/keytool -import -alias privateKey -keystore /somepath/jira.jks -file /someotherpath/star.key
>> 
>> The first two imported without issue.  The last one returned:
>> 
>> keytool error: java.lang.Exception: Input not an X.509 certificate
>> 
>> Unfortunately google is flooded with this error and I'm not finding a solution that helps.  The error is correct.  The key is not an X.509.  Am I not able to import a private key?  Am I totally misunderstanding how this works?
> 
> I really like Portecle (http://portecle.sourceforge.net/) for
> manipulating keystore files.  Handles all formats, etc.  Normally I
> prefer command line tools, but GUIs are better when the command line
> tools have a gaggle of undocumented options that are all incompatible
> with each other and you need a cookbook to actually do anything useful
> with them.
> 
> For the record, I don't know how to make keytool add the key after the
> fact.  When I've done it, the output of
> keytool -genkeypair
> goes straight into the keystore file.
> 
> HTH,
> Matt


Thanks for the tip Matt.

I passed the info along.

- Eric




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org