[Discuss] java keytool x.509 error

[me at mattgillen.net (Matthew Gillen)]

On 9/17/2015 9:25 PM, Eric Chadbourne wrote:
> Hi All,
> 
> I'm attempting to assist a former coworker but have little experience with Java and the jvm keytool.  
> 
> He has to admin a java app (jira) running on ubuntu and needs to change the SSL from one for that specific server to one for them all.  He received a zip from executive IT & digicert.  I read through some docs but can't get it to work.  I know there's at least one java guru on the list.
> 
> Here's what I tried.
> 
> $JAVA_HOME/keytool -import -alias alias1 -keystore /somepath/jira.jks -file /someotherpath/DigiCertCA.crt
> 
> $JAVA_HOME/keytool -import -alias alias2 -keystore /somepath/jira.jks -file /someotherpath/star.crt
> 
> $JAVA_HOME/keytool -import -alias privateKey -keystore /somepath/jira.jks -file /someotherpath/star.key
> 
> The first two imported without issue.  The last one returned:
> 
> keytool error: java.lang.Exception: Input not an X.509 certificate
> 
> Unfortunately google is flooded with this error and I'm not finding a solution that helps.  The error is correct.  The key is not an X.509.  Am I not able to import a private key?  Am I totally misunderstanding how this works?

I really like Portecle (http://portecle.sourceforge.net/) for
manipulating keystore files.  Handles all formats, etc.  Normally I
prefer command line tools, but GUIs are better when the command line
tools have a gaggle of undocumented options that are all incompatible
with each other and you need a cookbook to actually do anything useful
with them.

For the record, I don't know how to make keytool add the key after the
fact.  When I've done it, the output of
 keytool -genkeypair
goes straight into the keystore file.

HTH,
Matt