[Discuss] java keytool x.509 error

[eric.chadbourne at icloud.com (Eric Chadbourne)]

> On Sep 17, 2015, at 10:25 PM, Matthew Gillen <me at mattgillen.net> wrote:
> 
> On 9/17/2015 9:25 PM, Eric Chadbourne wrote:
>> Hi All,
>> 
>> I'm attempting to assist a former coworker but have little experience with Java and the jvm keytool.  
>> 
>> He has to admin a java app (jira) running on ubuntu and needs to change the SSL from one for that specific server to one for them all.  He received a zip from executive IT & digicert.  I read through some docs but can't get it to work.  I know there's at least one java guru on the list.
>> 
>> Here's what I tried.
>> 
>> $JAVA_HOME/keytool -import -alias alias1 -keystore /somepath/jira.jks -file /someotherpath/DigiCertCA.crt
>> 
>> $JAVA_HOME/keytool -import -alias alias2 -keystore /somepath/jira.jks -file /someotherpath/star.crt
>> 
>> $JAVA_HOME/keytool -import -alias privateKey -keystore /somepath/jira.jks -file /someotherpath/star.key
>> 
>> The first two imported without issue.  The last one returned:
>> 
>> keytool error: java.lang.Exception: Input not an X.509 certificate
>> 
>> Unfortunately google is flooded with this error and I'm not finding a solution that helps.  The error is correct.  The key is not an X.509.  Am I not able to import a private key?  Am I totally misunderstanding how this works?
> 
> I really like Portecle (http://portecle.sourceforge.net/) for
> manipulating keystore files.  Handles all formats, etc.  Normally I
> prefer command line tools, but GUIs are better when the command line
> tools have a gaggle of undocumented options that are all incompatible
> with each other and you need a cookbook to actually do anything useful
> with them.
> 
> For the record, I don't know how to make keytool add the key after the
> fact.  When I've done it, the output of
> keytool -genkeypair
> goes straight into the keystore file.
> 
> HTH,
> Matt


Thanks for the tip Matt.

I passed the info along.

- Eric