Java – keytool keytool error: java.lang.Exception: Input not an X.509 certificate

javajksp7bssl

Attempting to add a certificate to the keystore so I can use it in an java based application. This is a new concept to me.

I have a .p7b certificate for the site and I put together a keytool command. When I enter it, I am prompted to specify a pwd and then I am prompted with the following error 

keytool error: java.lang.Exception: Input not an X.509 certificate

Can anyone provide insight? 

C:\Users\Desktop\>keytool -import -trustcacerts -file "service.site.com - SSL Cert.p7b" -keystore service.site.com.jks
Enter keystore password:
Re-enter new password:
keytool error: java.lang.Exception: Input not an X.509 certificate

Best Answer

You could try converting the key to CER (X509) and then try importing it:

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

I have encountered a similar problem even though I was trying to import a .pem file. The file contained only the a single certificate in both humain readable form and encapsulated within —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–. In java 7 (patch 71) the keytool failed to parse such file and threw the same error you've got. Once I removed the text portion of the file:

Certificate:
Data:
    Version: 3 (0x2)
    Serial Number: 11864724255945479761 (0xa4a7f7d949c31d11)
Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=COM, ST=CA, O=Company, OU=ORG, CN=ORG/emailAddress=admin@company.org
    Validity
        Not Before: Jan  5 15:30:35 2015 GMT
        Not After : Jan  2 15:30:35 2025 GMT

it worked alright for me.

Please also take a look at the following article (https://myonlineusb.wordpress.com/2011/06/19/what-are-the-differences-between-pem-der-p7bpkcs7-pfxpkcs12-certificates/) as it explains the differences between various formats and provides commands how to convert from one format to another

Related Topic